Skill v1.0.0

ClawScan security

Redacta · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 18, 2026, 7:49 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's instructions, required resources, and claimed purpose are internally consistent: it is an instruction-only redaction guide for pseudonymising clinical text and does not request unrelated credentials, installs, or filesystem access.
Guidance
This skill appears coherent and lightweight, but check the following before using it on real patient data:
1) Model/data handling: the SKILL.md says processing is "local", but the actual text may be sent to whatever language model you use. Confirm your model provider's data processing and retention policies, or run models on-prem if required.
2) Clinician/institution names: the default preserves clinician and hospital names. If your policy requires removing staff or institutional identifiers, instruct the agent to redact them or change the rule.
3) Review outputs: the skill admits it cannot guarantee 100% detection. Always manually review the pseudonymised text and the redaction report before sharing.
4) Test first: run the skill on representative non-sensitive examples to validate the regex and context rules (especially NHS check-digit behaviour and date-context decisions).
5) Scope limits: v1 is text-only (no PDFs/images). If you need stronger guarantees or audit logging, consider integrating with a vetted de-identification pipeline rather than relying solely on instruction-driven redaction.

Review Dimensions

Purpose & Capability
ok
The name/description (pseudonymise medical documents) matches the SKILL.md instructions. No unrelated binaries, env vars, or installs are requested, and the detection rules and output format align with the stated purpose.
Instruction Scope
note
The instructions are narrowly scoped to text pseudonymisation and list precise regex and contextual rules. Two design choices merit user attention: (1) clinician and institutional names are preserved by default (this may leak staff/institution PII in some contexts), and (2) the SKILL.md asks the agent to process text "locally within your AI agent session" but also acknowledges underlying language-model processing; the skill cannot enforce local-only model hosting, so platform/model choices determine the actual data flow.
Install Mechanism
ok
Instruction-only skill with no install steps or code files; nothing is written to disk or downloaded as part of the skill itself.
Credentials
ok
No environment variables, credentials, or config paths are required. The skill does not request unrelated secrets or permissions.
Persistence & Privilege
ok
No elevated persistence requested (always: false). The skill does not attempt to modify other skills or system-wide settings.