Back to skill
Skillv1.0.0
ClawScan security
Macau Clinic AI System · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 6, 2026, 5:13 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only, design/consulting skill that aligns with its stated purpose (helping design AI systems for Macau clinics) and requests no credentials or installs, so its footprint is coherent with its description.
- Guidance
- This skill is a consulting/design template and appears coherent, but it deals with medical systems conceptually. Before using it for real projects: (1) don't paste or upload real patient data into the agent or third-party services without appropriate legal/ethical safeguards; (2) if you implement integrations (e.g., OpenAI, WhatsApp, eHR), provide only the minimum credentials needed and follow local privacy/regulatory requirements; (3) note the referenced 'projects/...' file is not included — clarify where that content should come from if you expect the agent to use it; (4) audit any implementation code you build from these plans for security and compliance.
Review Dimensions
- Purpose & Capability
- okThe name and description advertise a consulting/design skill for clinic AI systems; the SKILL.md contains high-level proposals, pricing, tech stack and example prompts. No unexpected binaries, config paths, or credentials are requested, which is proportionate for a design-only skill.
- Instruction Scope
- noteThe SKILL.md is high-level and only provides templates and example prompts. It references a local path ('projects/macau-clinic-ai-proposal.md') that is not included in the package — this is informational but may lead an agent to try to read a missing local file. The instructions do not tell the agent to access environment variables, system files, or external endpoints directly.
- Install Mechanism
- okNo install spec or code files are present; this is the lowest-risk model (instruction-only). Nothing will be downloaded or written to disk by the skill itself.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. Although the content mentions integration targets (OpenAI, WhatsApp, eHR), those are part of the suggested architecture rather than required by the skill itself.
- Persistence & Privilege
- okalways is false and there are no indications the skill requests permanent system presence or modifies other skills. Autonomous invocation is allowed (platform default) but not combined with other risky requests.