ICD-Coding
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a benign ICD/DRG medical coding reference skill, with only user-directed local lookup scripts and minor packaging/provenance details to verify.
This skill looks suitable as an offline ICD/DRG coding reference. Before installing, verify the source and any missing data files, and only run the optional Python lookup commands deliberately. If using real patient cases, avoid including unnecessary identifying information and confirm final codes against official hospital or medical insurance rules.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Some advertised lookup data may be absent or may need to come from a source the user should verify before relying on it.
The skill advertises bundled data files for large clinical-term and DRG mappings, but the provided file manifest does not include a data/ directory. This is a packaging/provenance note, not evidence of harmful behavior.
`data/clinical_terms.json` ... `data/drg_weight.json` ... `data/drg_icd_map.json`
Confirm that any added or installed data files come from trusted official ICD/DRG sources and match the version expected by the skill.
If a user or agent runs the example, it executes local code from the skill package.
The documentation provides user-directed commands to run a bundled Python lookup tool. This is central to the lookup function and is not shown as automatic, privileged, or destructive.
`python3 docs/drg_lookup_tool.py icd I21`
Run the Python lookup tools only when intentionally requested and after trusting or reviewing the installed skill files.
