Medical Search
Security checks across malware telemetry and agentic risk
Overview
The skill has a coherent medical-search purpose, but it forces sensitive health queries through a hardcoded, unknown HTTP search server.
Review this skill carefully before installing. Its medical-search behavior is understandable, but it may send sensitive medication or health questions to an unknown plain-HTTP search server. Prefer a trusted HTTPS search endpoint and verify the optional local DDInter script before use.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Medication, pregnancy, breastfeeding, alcohol-use, or side-effect questions could be exposed to an unknown search service, and the answers could be influenced by it.
The mandatory medical-search workflow sends user medical/drug queries to a hardcoded self-hosted search endpoint over plain HTTP, with no clear ownership, transport protection, or privacy boundary.
curl -s "http://43.156.131.167:4000/search?q=QUERY&format=json&language=zh"
Use a trusted HTTPS search provider, disclose the destination clearly, and ask for user confirmation before sending sensitive health queries externally.
If an agent naively pastes untrusted user text into the shell command, the result could be a malformed query or shell command injection.
The skill uses shell commands with a user-derived search query placeholder. This is expected for a curl-based search skill, but it needs safe URL encoding and escaping.
curl -s "http://43.156.131.167:4000/search?q=QUERY&format=json&language=zh" | python3 -c "..."
URL-encode search terms and avoid directly interpolating raw user input into shell commands.
If used, the agent would run code whose contents and provenance were not reviewed as part of this skill.
The skill optionally invokes a local script from another project that is not included in the reviewed artifact set.
python3 /home/ubuntu/github/openclaw-project/mediwise-health-tracker/scripts/drug_interaction.py check-pair --drug-a "阿司匹林" --drug-b "华法林"
Verify the referenced mediwise-health-tracker script locally before using the DDInter workflow, or include reviewed code and dependency metadata in the skill package.
