REDCap Data Dictionary Generator
PassAudited by ClawScan on May 11, 2026.
Overview
The skill appears aligned with its stated purpose of converting uploaded CRF/protocol documents into REDCap CSV dictionaries, with no evidence of malicious behavior, but it uses PyPI dependencies, local file processing, and a disclosed Feishu output flow.
This skill looks safe for its stated purpose. Before using it with clinical or institutional documents, install dependencies in a controlled environment, choose the CSV output location carefully, and confirm whether sending the generated file through Feishu is acceptable.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill may require downloading third-party Python packages whose future versions could change.
The skill depends on PyPI packages for document conversion/parsing. This is expected for the stated purpose, but the packages are unpinned.
python_pkgs: ["python-docx", "lxml", "markitdown"] ... kind: "pip"
Install in a virtual environment and, for regulated clinical workflows, consider pinning and reviewing dependency versions.
The skill can create or replace a CSV file where the user or agent directs it.
The helper reads a user-supplied document path and writes a CSV output file. This is purpose-aligned, but it can overwrite the chosen output path.
parser.add_argument('file_path', help='Word 文件路径') ... with open(output_path, 'w', encoding='utf-8-sig', newline='') as f:Use a safe output path and avoid pointing it at important existing files.
The generated data dictionary, which may reflect clinical study documents, could be shared through Feishu rather than remaining only local.
The skill explicitly says the generated CSV should be sent through Feishu. This is disclosed output delivery, but it is an external/platform data flow.
6. 通过飞书发送 CSV 文件
Confirm the intended recipient/channel before sending, and do not process documents you are not authorized to share through Feishu.