Skill v1.0.0

ClawScan security

TCM Diagnosis · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 8, 2026, 1:38 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's files, runtime instructions, and local scripts are coherent with a Traditional Chinese Medicine reference/diagnosis assistant and do not request secrets or perform network/exfiltration in the provided content.
Guidance
This package appears coherent and self-contained: it provides a local TCM knowledge base, safety warnings, and simple scripts that check files. Before installing or relying on medical suggestions: 1) Note provenance is unknown (no homepage or clear author contact) — verify the source if you need trust or liability assurance. 2) Do not treat its recommendations as a replacement for professional medical care. 3) If you will use it with real user data, avoid sending personally identifiable or sensitive health information to third parties and review any agent integrations for network access. 4) You may run the provided scripts in a sandbox first (they only read local files) to confirm behavior. If you need higher assurance, request author identity, licensing, or an audit of the knowledge sources.

Review Dimensions

Purpose & Capability
ok
The name/description (TCM diagnosis, four diagnostics, pattern differentiation, formulas, diet) matches the shipped content: knowledge bases, identity/operations docs, and startup/verify scripts. There are no unexpected credentials, unrelated binaries, or config paths requested that would be inconsistent with a TCM assistant. Note: source/homepage are missing (owner ID present), so provenance is unknown even though the internal contents align with the declared purpose.
Instruction Scope
ok
SKILL.md instructs the agent to run ./scripts/startup.sh and ./scripts/verify.sh and to interact via certain trigger words. The scripts only check local repo files, count markdown headings, and print safety warnings. They do not read system-wide secrets, call external endpoints, or instruct the agent to collect or transmit unrelated data. The instructions include appropriate safety disclaimers for medical use.
Install Mechanism
ok
There is no install spec (instruction-only). The two provided shell scripts are lightweight checks and do not download or extract remote artifacts. No high-risk install mechanism (no URL downloads, no package installs) is present.
Credentials
ok
The skill requests no environment variables, no credentials, and no config paths. The scripts operate only on files bundled in the skill. There are no names like SECRET/TOKEN/PASSWORD requested. This is proportionate to a local knowledge-based assistant.
Persistence & Privilege
ok
The skill is not marked always:true and uses default autonomy settings. It does not modify other skills or system-wide configs; its scripts only examine files in the skill directory. There is no evidence it attempts to persist credentials or escalate privileges.