ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

CareMax Records

v1.0.0

Query and search medical records from CareMax Health API. Supports structured query, AI-powered semantic search with RAG (natural language answers with citat...

0· 50·0 current·0 all-time
byQitao Yang@kittenyang
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to query CareMax Health API and all SKILL.md examples call an API endpoint; that fits the stated purpose. However, the skill does not declare any required credentials or a primaryEnv even though it requires authenticated access via a sibling repo (../caremax-auth). The external dependency is coherent with the purpose but should have been declared and linked.
!
Instruction Scope
Runtime instructions require executing scripts in a sibling directory (../caremax-auth/scripts/api-call.sh and auth-flow.sh). Those external scripts are mandatory and run shell commands, may prompt for or store credentials, and are outside the visibility of this skill bundle. The SKILL.md also instructs forwarding user medical queries to a remote API and saving chats remotely — expected for this skill but high-risk for PHI if endpoints or auth are not verified.
Install Mechanism
There is no install spec and no code files in this skill (instruction-only). That reduces the immediate attack surface in the skill itself, but the mandatory dependency on an out-of-tree sibling package (caremax-auth) shifts risk to that external code.
!
Credentials
The skill lists no required environment variables or primary credential, yet the SKILL.md implicitly depends on authentication performed by ../caremax-auth. For a medical-records integration it is unusual and concerning not to declare what credentials or base_url will be used; the auth scripts could access or request arbitrary secrets.
Persistence & Privilege
The skill does not request 'always: true' or other elevated persistent privileges and remains user-invocable. It does not declare modifying other skill configs. Autonomous invocation is allowed (platform default) but not by itself a new concern here.
What to consider before installing
Do not install or run this skill until you verify the external auth package it requires (../caremax-auth). The SKILL.md mandates running sibling scripts that will perform authentication and API calls — those scripts could prompt for, store, or transmit sensitive credentials and medical data. Ask the publisher for a source URL or repository, inspect the caremax-auth/scripts (especially auth-flow.sh and api-call.sh) to see where credentials are read, stored, or sent, and confirm the API base_url and hostname are legitimate and HIPAA-compliant if you will handle PHI. If you cannot inspect the sibling repository, avoid using this skill with real patient data; test only with synthetic data and consider requiring explicit declaration of required env vars (API keys, base_url) before trusting it.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ac6yvrdtebxdjqvdyc1wnjn83v12q

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments