Skill v1.0.0

ClawScan security

Find and Book In-Network Doctors with Real-Time Availability · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 16, 2026, 7:28 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's stated purpose (finding and booking in-network doctors via Zocdoc) is plausible, but the runtime instructions are vague about how real‑time availability, verified reviews, and insurance confirmation are obtained — leaving room for scope creep (web scraping, asking for sensitive data, or other surprising actions).
Guidance
Before installing, ask the publisher to clarify implementation details: Will the skill call an official Zocdoc API (and if so, how are API keys or OAuth handled)? If it scrapes Zocdoc pages, confirm TOS compliance and that no credentials or sensitive patient data will be collected. Avoid providing insurance policy numbers or other PHI to the skill; prefer a design that returns Zocdoc links and requires users to complete booking on Zocdoc's site. If you plan to enable autonomous invocation, consider limiting that capability until the data sources and privacy controls are documented. If the publisher can't explain how real‑time availability and insurance verification are obtained without requesting sensitive credentials, treat the skill as high risk and do not install.
Findings
[regex-scan-empty] expected: The static scanner found no code files to analyze. For an instruction-only skill that is plausible, but it means the SKILL.md is the only surface to evaluate — which increases the importance of clear, constrained instructions.

Review Dimensions

Purpose & Capability
note: Name and description match the intended functionality (search, filter, surface availability, and link to Zocdoc). However, the skill claims real-time availability and verified insurance confirmation but provides no detail about which APIs, authenticated integrations, or data sources will be used. That mismatch between claimed capability and declared requirements is noteworthy.
Instruction Scope
concern: SKILL.md is high-level and does not constrain the agent to a safe implementation. It does not specify calling a Zocdoc API, using an official SDK, or only returning links; the agent is left to choose techniques to obtain data. That open-ended instruction can lead to undesirable behaviors such as HTML scraping, automated form submission, or prompting users for sensitive insurance/identity data beyond what's necessary.
Install Mechanism
ok: Instruction-only skill with no install spec and no code files; nothing is written to disk by an install process. This is the lowest-risk install pattern.
Credentials
concern: The skill requests no environment variables or credentials, yet claims capabilities (real-time availability, insurance confirmation, booking) that often require authenticated API access or integration. That absence is either an omission (poor documentation) or implies the agent may rely on scraping or ask users for sensitive data interactively — both raise proportionality/privacy concerns.
Persistence & Privilege
ok: The skill is not always-enabled and does not request special persistent privileges. Autonomous invocation is allowed (platform default) but not combined with other elevated privileges in this package.