Redcap Crf Generator
PassAudited by VirusTotal on May 9, 2026.
Overview
Type: OpenClaw Skill Name: redcap-crf-generator Version: 1.3.0 The skill bundle is designed to convert clinical research forms (CRF) from Word/Excel documents into REDCap-compatible CSV data dictionaries. The provided Python scripts (generate_datadict.py and process_upload.py) use standard libraries like python-docx to parse document structures and extract field information. No evidence of data exfiltration, malicious execution, or harmful prompt injection was found; the logic is consistent with the stated purpose of medical data management.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing unpinned dependencies can expose the environment to changes in future package versions or compromised packages.
The skill relies on installing Python packages from PyPI, and the documented packages are not version-pinned. This is purpose-aligned for document conversion but still a supply-chain item users should notice.
pip install python-docx lxml markitdown
Install in a virtual environment and consider pinning trusted package versions before use.
Clinical form structure, protocol details, or embedded images could be shared with an OCR tool or Feishu workspace as part of normal operation.
The workflow can route document images through an OCR/image tool and send the resulting CSV via Feishu. This is disclosed and related to the stated task, but it is a third-party/tool-mediated data flow involving potentially sensitive clinical document content.
使用 `image` 工具识别图片内容 ... 通过飞书发送 CSV 文件
Use this only for documents you are allowed to process in those tools, and confirm the Feishu recipient/channel before sending generated files.