ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

HIPAA Gap Analysis

v1.0.0

Assess HIPAA compliance across all five rule areas, identify 32 control gaps, and generate a prioritized remediation plan with compliance scoring and audit r...

0· 101·0 current·0 all-time
byToolWeb@krishnakumarmahadevan-cmd
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name and description (HIPAA gap analysis across five rule areas, 32 controls, remediation plan) align with the SKILL.md which defines structured inputs and a scored/output format. The skill requests only organization assessment fields (organization profile, control presence flags) — these are coherent with the stated purpose. No unrelated binaries, env vars, or install steps are requested.
Instruction Scope
SKILL.md is an instruction-only spec that asks the agent to produce a gap report from structured inputs. It does not instruct the agent to read local files, environment variables, or call external endpoints. However, it requires submission of sensitive organizational data (PHI volume/types, control state) and marks every field as required; the document does not describe how input data is handled, whether outputs or inputs are logged, or whether any external transmission occurs — a privacy/data-handling omission worth noting.
Install Mechanism
No install spec or code files are present (instruction-only), so nothing will be downloaded or written to disk by the skill itself. This is the lowest-risk install profile.
Credentials
The skill requests no credentials, config paths, or environment variables (proportionate). That said, it expects potentially sensitive organizational/PHI-related inputs; the README does not justify or limit what PHI may be included and gives no guidance to avoid entering patient-identifiable data.
Persistence & Privilege
always:false and no install or persistent configuration changes are requested. The skill does not request permanent presence or modify other skills' configs. Autonomous invocation is allowed (platform default) but not augmented by extra privileges.
Assessment
This skill appears coherent for doing a HIPAA gap analysis, but before using it: (1) Do not paste identifiable patient data — provide only organization-level, de-identified or high-level information (e.g., 'Medium PHI volume', not sample records). (2) Ask the provider where inputs and outputs are stored, how long they are retained, and who can access them. (3) Confirm whether the environment running the agent is HIPAA-compliant (BAA, encrypted storage, access controls) if you plan to include real PHI. (4) Prefer sanitizing inputs and have a qualified privacy/security professional review any remediation plan before implementation. (5) If you need an audit-grade assessment, consider using an internal/paid external assessor with documented handling policies rather than pasting sensitive details into a general-purpose skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c5wbgcprmn8w537321y6zp183771g

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments