Dermatologist
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: dermatologist Version: 1.0.0 The 'Dermatologist' skill is a well-structured tool for local tracking of skin concerns and preparation for clinical visits. It includes extensive safety guardrails, emergency triage logic (red-flags.md), and explicit privacy boundaries (legal-boundaries.md) that prohibit the collection of sensitive images or data from minors. The only executable code is a standard local directory setup script in setup.md, and the skill explicitly avoids external network communication.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could believe the skill never asks for these highly sensitive photos, while a later workflow may allow the agent to request or track them in some circumstances.
This creates an exception to the stricter SKILL.md and legal-boundaries.md promises not to request or store intimate-area images or photos of minors, making the user-facing privacy boundary inconsistent.
Do not ask for intimate-area or minor photos unless a lawful caregiver context is already clear and the user explicitly wants tracking.
Resolve the contradiction before use: either enforce the strict no-minor/no-intimate-photo rule everywhere, or clearly disclose the limited caregiver exception and add explicit storage, deletion, and clinician-workflow safeguards.
Skin concerns, treatment history, clinician context, and photo metadata may remain on the device across sessions.
The skill intentionally persists sensitive health-related records locally, which is aligned with its tracking purpose and disclosed, but users should treat the directory as private health data.
Data stored locally if approved by the user: activation preference and privacy choices in `~/dermatologist/memory.md`; one case folder per skin concern with dated notes, photo metadata, and treatment logs
Approve storage only if comfortable, keep the device account protected, inspect ~/dermatologist/ periodically, and use delete/export workflows when records are no longer needed.
If run, these commands create local folders and a memory file for the skill.
The skill documents shell commands that modify the user's home directory. They are disclosed, scoped, and permission-gated, so this is a notice rather than a concern.
Ask permission before writing local files: mkdir -p ~/dermatologist/cases ~/dermatologist/exports ~/dermatologist/archive; touch ~/dermatologist/memory.md; chmod 700 ~/dermatologist
Run the setup only after confirming the path and understanding that it will create persistent local health-record files.