Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
CareMax OCR
v1.0.0Upload medical reports and run OCR recognition via CareMax Health API. After upload succeeds, agents MUST immediately run OCR on the same session unless the...
⭐ 0· 45·0 current·0 all-time
byQitao Yang@kittenyang
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description (CareMax OCR) align with instructions to upload files and call OCR. However, the skill requires a sibling component ('../caremax-auth/') for all API/auth operations but does not declare that dependency in the registry metadata or require any credentials — an implicit external dependency that should be explicit.
Instruction Scope
The SKILL.md instructs the agent to execute bash scripts from a sibling directory (upload.sh, ocr-stream.sh, auth-flow.sh) and to automatically run OCR immediately after upload unless the user explicitly forbids it. That means the agent will, by default, transmit/process sensitive medical data to remote services and execute external code it cannot vet from this skill alone. It also instructs polling and restart behavior and to stream SSE lines directly to users. These behaviors expand scope beyond a simple local helper and require careful review of the referenced scripts and data flows.
Install Mechanism
No install spec and no code files are included in this package (instruction-only). That minimizes on-disk installation risk for this skill itself, but it explicitly depends on external scripts in '../caremax-auth/' which will be executed at runtime.
Credentials
The skill declares no environment variables or primary credential, yet its runtime behavior depends entirely on external auth scripts that will handle API credentials. The registry metadata does not list or justify any credentials; this hidden credential handling (and cross-directory script execution) is a proportionality and transparency concern, especially given the sensitivity of medical data.
Persistence & Privilege
always is false and there is no install writing files from this skill. However, the skill's recommended auth-flow may create/modify credentials or token files via the sibling caremax-auth scripts. Because the skill runs external scripts, it could end up storing tokens or altering auth state outside its own directory—review the caremax-auth scripts before use.
What to consider before installing
Before installing or invoking this skill: 1) Understand it will, by default, send and process medical reports (PHI) to external CareMax APIs and will run OCR immediately after upload unless the user explicitly asks to only upload — confirm you have user consent and comply with privacy rules. 2) The skill has no bundled code but requires a sibling directory '../caremax-auth/' and will execute its scripts; obtain that component from a trusted source and inspect scripts (upload.sh, ocr-stream.sh, auth-flow.sh) to see where data and credentials are sent/stored. 3) The skill does not declare required credentials — expect the auth scripts to create/use tokens; verify how/where tokens are stored and whether they could be exfiltrated. 4) If you cannot review the caremax-auth scripts, treat this skill as risky: do not use it with real patient data. 5) If you want to proceed, ask the publisher for the official caremax-auth repo link, a list of endpoints the scripts call, and an explanation of how credentials and session data are stored and protected.Like a lobster shell, security has layers — review code before you run it.
latestvk974v4y52a8z4m9trr96m5z1x583tq9y
License
MIT-0
Free to use, modify, and redistribute. No attribution required.