Skill v1.0.0
ClawScan security
Medical Document Processor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (scanned Mar 6, 2026, 5:05 AM)
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is an instruction-only medical document summarizer whose declared purpose, required resources, and instructions are internally consistent — it does not request unrelated credentials or install anything unusual.
- Guidance: This skill appears to do what it says and doesn't ask for credentials or install code, but it will process sensitive patient data. Before installing or using it: (1) avoid pasting real PHI unless you trust the execution environment and retention policies; test with de-identified examples first; (2) confirm how the platform and agent handle outbound network fetches (the skill allows 'links' but gives no guidance — decide whether the agent is permitted to fetch URLs); (3) verify logs, retention, and whether model-provider telemetry could leak content; (4) have clinicians review outputs before taking clinical action; and (5) if you need stricter guarantees (HIPAA/GDPR), use a vetted, compliant tool or restrict this skill to non-identifiable test data.
Review Dimensions
- Purpose & Capability (ok): Name, description, and runtime instructions all describe medical document summarization, report analysis, and literature extraction. The skill declares no binaries, environment variables, or installs — this is proportionate for an instruction-only text-processing skill.
- Instruction Scope (concern): SKILL.md is mostly scoped to summarization and analysis; it explicitly forbids giving diagnoses and asks for personal identifiers to be removed. However, the instructions are vague about operational details: users are allowed to paste links, but the skill gives no guidance on whether or how the agent may fetch external URLs, and there are no concrete sanitization steps or verification methods for de-identification. This openness could lead an agent to fetch network resources or mishandle PHI unless constrained by platform policies.
- Install Mechanism (ok): No install specification or code files — instruction-only skills have low installation risk because nothing is written or executed on disk by the skill itself.
- Credentials (ok): The skill requests no environment variables, credentials, or config paths. That is appropriate given its stated purpose; there are no unexplained credential requests.
- Persistence & Privilege (ok): `always` is false and the skill does not request persistent presence or elevated privileges. Autonomous model invocation is allowed by platform default but is not combined with other red flags here.
