Api Odontosoft

Pass

Audited by ClawScan on May 1, 2026.

Overview

This appears to be a straightforward Odontosoft dental appointment API skill, but it uses an API token and can look up patients and create appointments.

This skill is coherent for managing Odontosoft appointments. Before installing, make sure you trust the publisher and configure only the official Odontosoft API URL with a least-privilege token, because the skill can search patient records and create appointments.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If used incorrectly, the agent could create an unwanted dental appointment.

Why it was flagged

The skill can create a dental appointment, which is a real-world scheduling change, but the documented workflow tells the agent to confirm details with the user before booking.

Skill content

4. Confirm details with the user
5. `agendar_turno`

Recommendation

Only allow booking after the user has confirmed patient, doctor, date, time, and reason.

What this means

Anyone with the configured token may be able to access clinic appointment functions allowed by that token.

Why it was flagged

The skill requires an authenticated bearer token for the Odontosoft API. This is expected for the service, but the token may grant access to patient lookup and appointment booking.

Skill content

"apiKey": {
  "type": "string",
  "required": true,
  "description": "Bearer token de autenticación"
}

Recommendation

Use a least-privilege Odontosoft token, store it as a secret, and rotate it if it may have been exposed.

What this means

A wrong or untrusted API base URL could receive the authentication token and appointment or patient-query data.

Why it was flagged

Every API request includes the configured bearer token. The code sends it to the configured base URL, so the endpoint configuration should be verified.

Skill content

'Authorization': `Bearer ${token}`

Recommendation

Set the base URL only to the official Odontosoft API endpoint and avoid using untrusted or test endpoints with production tokens.