Skillv1.0.0

ClawScan security

Barefoot Doctor 1.0.0 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 19, 2026, 11:00 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill is broadly consistent with a local, instruction-driven medical assistant (no network/credentials requested), but the packaging is inconsistent: SKILL.md references multiple files and a helper script that are not present in the bundle, which indicates sloppy or incomplete packaging and warrants caution before installation or use.
Guidance: This skill appears to be a local, reference-driven medical assistant and does not request credentials or perform network I/O, which is good. However, the manifest is inconsistent with SKILL.md: several referenced reference documents and a helper script (herb_interaction.py) are mentioned but missing. Before installing or enabling for autonomous use: 1) ask the publisher/source for the missing files or for a corrected package; 2) inspect any additional scripts (especially herb_interaction.py if provided later) for network calls or credential use; 3) test the included diagnose.py locally to confirm it behaves as expected; 4) remember this is advisory-only — do not rely on it for emergency or definitive diagnoses and keep the built-in disclaimer in user-facing responses. If you need full coverage of the manual chapters referenced in SKILL.md, obtain the complete reference files or consider a different, fully packaged skill.

Review Dimensions

Purpose & Capability: noteThe name and description match the contained behavior: a local, reference-driven medical advice agent using included reference docs and a diagnose.py helper. No unexpected binaries, env vars, or external credentials are requested. However, SKILL.md and file manifest disagree about what reference documents and scripts exist (e.g., many references like pediatrics.md, infectious-diseases.md and a scripts/herb_interaction.py are mentioned but not present), which reduces confidence that the skill is complete or correctly packaged.
Instruction Scope: concernRuntime instructions tell the agent to read local reference files and to call scripts/diagnose.py. diagnose.py exists and is local with no network calls, which is fine. But SKILL.md also instructs reading multiple reference files and using an additional script (herb_interaction.py) that are missing from the manifest; this may cause runtime errors or cause the agent to attempt other (unspecified) actions to recover context. The instructions otherwise stay within the medical-advice scope and include mandatory disclaimers and forbidden actions (e.g., not diagnosing malignant tumors, not recommending prescription drugs).
Install Mechanism: okNo install spec is provided (instruction-only style with bundled docs and a small script). That is the lowest-risk install model and there are no downloads or external package installs referenced.
Credentials: okThe skill requests no environment variables, no credentials, and no config paths. The included script runs only local logic and prints JSON; there are no network endpoints or secret-access patterns present in the provided files.
Persistence & Privilege: okalways is false and the skill does not request any elevated or persistent platform privileges. It does not modify other skills or system-wide settings based on the provided files.