Medical Research Toolkit

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: medical-research-toolkit
Version: 1.0.0

The OpenClaw AgentSkills skill bundle 'medical-research-toolkit' is benign. All instructions and code examples consistently direct the AI agent to query a unified biomedical data API endpoint (https://mcp.cloud.curiloo.com) using standard `curl` commands with JSON-RPC payloads. There is no evidence of data exfiltration, unauthorized command execution, persistence mechanisms, obfuscation, or malicious prompt injection attempts against the agent. The documentation clearly outlines the purpose, usage, and any API key requirements (e.g., for OMIM), aligning entirely with its stated goal of facilitating medical research.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Medical or research queries entered through the examples may be visible to the external endpoint operator.

Why it was flagged

The skill clearly routes biomedical database queries through a remote MCP endpoint, so that service may receive the user's research terms and request contents.

Skill content

Production (No setup needed): https://mcp.cloud.curiloo.com/tools/unified/mcp ... All 14+ databases unified into one endpoint.

Recommendation

Avoid entering patient-identifying information or confidential research data unless you trust the endpoint and its privacy practices; consider the local option for sensitive work.

What this means

An OMIM API key included in prompts, logs, or remote requests could expose access under the user's OMIM account or quota.

Why it was flagged

OMIM tools require the user to supply an API key as part of the request arguments; this is purpose-aligned but still a credential that should be protected.

Skill content

`api_key` (str): OMIM API key (REQUIRED — get from https://omim.org/api)

Recommendation

Use a dedicated OMIM key where possible, avoid sharing logs containing the key, and rotate the key if it is exposed.

What this means

If a user chooses the local setup path, they will be running third-party package code outside the instruction-only skill.

Why it was flagged

The optional local setup tells users to install and run a package from the Python package ecosystem; it is user-directed and aligned with the skill purpose, but users should verify the package source before running it.

Skill content

Running Locally:
```bash
pip install medical-mcps
medical-mcps
```

Recommendation

Verify the package name, maintainer, repository, and version before installing; prefer a pinned version in controlled environments.