ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Medical Search

v1.0.0

Drug safety and medical information search. Use when user asks about: drug interactions, medication safety, contraindications, side effects, drug-alcohol int...

0· 50·1 current·1 all-time
by@juneyaooo
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
Name/description (drug safety search) aligns with using curl/web search and returning sources. However the SKILL.md only lists curl as a required binary while the runtime examples call python3 and a platform 'web_fetch' tool and also reference executing local scripts under /home/ubuntu/... — those are not declared. The requirement to always search and publish searched URLs does match the purpose, but the undeclared reliance on python3/web_fetch and optional execution of local scripts is disproportionate and inconsistent with the declared requirements.
!
Instruction Scope
Instructions mandate network queries to a hard-coded SearXNG instance at http://43.156.131.167:4000 (an external IP) and require returning exact URLs from results. They also instruct the agent to run local Python scripts at /home/ubuntu/github/openclaw-project/mediwise-health-tracker/... if present. Together these create two risks: (1) sensitive user queries (medical/PHI) will be sent to a third party by default, possibly leaking private data; (2) the agent may execute arbitrary local code if that path exists. The SKILL.md also references a 'web_fetch' tool that isn't declared in requires.bins, so the instructions rely on environment capabilities not stated in metadata.
Install Mechanism
No install spec and no code files — this is instruction-only, which minimizes disk writes. The primary runtime behavior is network I/O and invoking existing local binaries/tools. The lack of install spec itself is low-risk, but it shifts risk to the external endpoints and local execution described in the instructions.
!
Credentials
The skill does not request env variables or credentials (good), but it requires sending queries to a hard-coded external host and may invoke local scripts at a specific absolute path. Asking to execute /home/ubuntu/... is an implicit request for filesystem/execute access beyond simple search capability and is disproportionate for a search helper. Also the SKILL.md uses python3 and web_fetch without declaring them as required binaries/tools.
Persistence & Privilege
always is false and there is no install or self-modifying behavior. Autonomous invocation is allowed (platform default) but not combined with any elevated persistence or cross-skill configuration changes, so no extra privilege concerns from persistence.
What to consider before installing
This skill is coherent in purpose (it tries to force verification of drug safety via web search), but several red flags mean you should be careful before enabling it: - The skill hard-codes a third-party SearXNG instance at http://43.156.131.167:4000. Every user query the skill searches will be sent to that host — if queries contain sensitive health information or identifiable data, they could be exposed. Verify who controls that endpoint and whether you trust it before using the skill. - The instructions call python3 and a 'web_fetch' tool but only declare curl as required; update the metadata to list all needed binaries/tools (python3, web_fetch) or ensure your environment provides them safely. - The SKILL.md tells the agent to execute local scripts under /home/ubuntu/... if present. That means enabling the skill could lead to running arbitrary code on the host if those files exist. Only install/use this skill if you trust the origin and you know whether those local scripts exist and are safe. Consider removing or restricting that behavior. - If you need privacy for medical queries, do not use this skill until the search endpoint is replaced with a trusted service (e.g., a vetted official search API) or hosted locally under your control. Recommended actions before installing: 1. Ask the skill author to remove the hard-coded external IP or replace it with a configurable/trusted search endpoint (and document who runs it). 2. Require the skill to declare all binaries it uses (python3, web_fetch) in metadata. 3. Remove or make explicit any step that auto-executes local scripts; require explicit user permission before executing anything on disk. 4. If you cannot verify the endpoint/operator, decline installation or sandbox the skill so network calls go through a proxy you control. Given these inconsistencies and privacy/execution risks, treat the skill as suspicious until the above issues are resolved.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ak9m7as9f7d3ws3nbszja9h83r5x5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

💊 Clawdis
Binscurl

Comments