Skillv1.0.0

ClawScan security

广东省病案统计管理系统SQL查询大师 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 23, 2026, 8:51 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This skill is an instruction-only collection of SQL table references and query templates for the Guangdong medical-record system and does not request credentials, install code, or perform unexpected actions.
Guidance: This skill is basically a library of table maps and SQL examples — it itself does not connect to databases or ask for credentials. Before using: (1) review and understand any SQL it generates (ensure it matches your DB schema and won't run destructive statements), (2) never paste production DB credentials into a third party; if you connect the agent to a database, use least-privilege accounts and test on anonymized or staging data, and (3) ensure use complies with patient-data privacy and local regulations because the queries operate on sensitive health records.

Purpose & Capability: okName/description claim expertise in the Guangdong 病案统计管理系统 table structures and the package contains a large SKILL.md with table lists and SQL examples — the requested artifacts (none) match that purpose.
Instruction Scope: okSKILL.md contains schema descriptions and SQL query examples. It does not instruct the agent to read system files, environment variables, call external endpoints, or exfiltrate data; instructions are scoped to generating/formatting SQL.
Install Mechanism: okNo install spec and no code files are included. This is lower risk because nothing is downloaded or written to disk by the skill itself.
Credentials: okThe skill declares no required environment variables, credentials, or config paths — which is appropriate for a documentation/query-template skill. There are no unexpected secret requests.
Persistence & Privilege: okalways is false, agent invocation is standard. The skill does not request persistent or cross-skill configuration or elevated privileges.