Clinical Doc Assistant

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill is coherent for clinical documentation, but it handles real patient records and includes an optional backend scaffold that is not safe to deploy unchanged.

Use sandbox mode for testing. Do not use real patient data unless your EHR credentials, backend deployment, Anthropic or other LLM provider, and all hosting arrangements are approved for PHI. If you deploy backend.py, harden authentication, CORS, logging, rate limiting, and compliance controls first.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A clinic or developer deploying the backend as-is could expose a real-patient document-generation endpoint to unintended use or cost abuse.

Why it was flagged

The optional hosted backend accepts clinical document generation requests containing patient_context, but the scaffold permits wildcard CORS and a public/test API-key path. If deployed unchanged, it can expose a PHI-handling generation API with weak default controls.

Skill content

allow_origins=["*"] ... if not api_key or api_key == "test": ... return {"id": "sandbox", "credits": 5

Recommendation

Before any production use, remove the test key path, implement real account/API-key validation, restrict CORS to trusted origins, add rate limits, and complete HIPAA/security review.

What this means

The agent may be able to retrieve patient records from the configured EHR using the supplied app credentials.

Why it was flagged

The skill expects SMART on FHIR OAuth credentials that can read EHR patient data. This is aligned with the clinical documentation purpose, but it is high-sensitivity access.

Skill content

requiredEnv: ... FHIR_CLIENT_ID ... FHIR_CLIENT_SECRET ... FHIR_TOKEN_URL

Recommendation

Use least-privilege read-only FHIR scopes, sandbox data for testing, and only configure production credentials in an approved clinical environment.

What this means

Real patient information could be transmitted to external services if the hosted backend path is used.

Why it was flagged

The artifacts clearly disclose that patient context may be sent to a configured backend and then to Anthropic for generation. This is expected for the feature but involves PHI leaving the local agent context.

Skill content

If you use the hosted backend (`CLINICAL_DOC_API_URL`), patient context is transmitted to that server ... patient_context is forwarded to Anthropic's API

Recommendation

Use only a backend you control, confirm BAAs and HIPAA eligibility for every processor, and avoid sending real PHI through third-party services without compliance approval.