Skill v1.0.0
ClawScan security
medical-device-code-review · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 9, 2026, 12:35 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requested artifacts and runtime instructions are consistent with a medical-device code-review checklist and it does not request unrelated credentials, install code, or system access.
- Guidance: This skill appears coherent and low-risk because it is an instruction-only checklist that does not request credentials or install code. Before using: avoid pasting real patient-identifiable data or proprietary source if you don't want it exposed; treat the output as advisory (not a certified regulatory submission); consider an independent human expert for compliance sign-off (NMPA/FDA); and if you need formal evidence (e.g., MC/DC reports, signed test artifacts), obtain those from your test tooling and human reviewers rather than relying solely on this automated checklist.
Review Dimensions
- Purpose & Capability (ok): Name, description, and SKILL.md describe a medical device software code review (IEC 62304 / NMPA) and the included checklists and references align with that purpose. No unrelated environment variables, binaries, or install steps are required.
- Instruction Scope (ok): SKILL.md contains a structured audit workflow, checklists, and output template for reporting findings. It does not instruct the agent to read system files, access environment variables, or send data to external endpoints; it expects the user to provide code/context as input, which is appropriate for a review skill.
- Install Mechanism (ok): No install spec and no code files (instruction-only). This minimizes disk writes and execution of third-party code; the references are static documentation files only.
- Credentials (ok): The skill requests no credentials, config paths, or secrets. The checks and guidance focus on code quality, safety classification, testing coverage and regulatory documentation, consistent with the stated purpose.
- Persistence & Privilege (ok): always is false and the skill does not request persistent system modification or cross-skill configuration. Agent autonomous invocation is allowed by platform default but is not a unique privilege of this skill.
