Back to skill
Skillv0.1.0
ClawScan security
Patsnap Lifescience Disease Investigation · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 29, 2026, 2:08 AM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's instructions, scope, and requirements are internally consistent with a disease-investigation intelligence role — it is instruction-only, asks no extra credentials, and primarily expects a platform lifesciences tool (MCP) to be available.
- Guidance
- This is an instruction-only skill that appears coherent with its stated purpose. Before installing: (1) confirm your agent platform supplies the referenced 'lifesciences MCP' tool or API (and learn how MCP credentials are managed), because the SKILL.md expects it but doesn't declare credentials; (2) consider privacy and compliance — queries may include patient or proprietary project information, so avoid sending sensitive PII or confidential internal data to external research tools without approvals; (3) verify how calls to MCP are logged/audited so you can review what was transmitted; (4) remember outputs are intelligence summaries, not clinical advice — have qualified experts validate any clinical/Regulatory decisions. If you need higher assurance, ask the skill author (or platform) to document the MCP endpoint, authentication method, and any data-retention policies.
Review Dimensions
- Purpose & Capability
- okThe name/description match the SKILL.md content: it instructs the agent to perform literature/epidemiology/pipeline/patent analyses for diseases. No unrelated binaries, env vars, or config paths are requested. Note: the skill explicitly prefers a platform 'lifesciences MCP' service for data retrieval but does not declare any credentials; this is consistent if the platform supplies that tool.
- Instruction Scope
- okRuntime instructions focus on search→fetch patterns, precise tool parameter use, and structured output formatting. The SKILL.md does not instruct reading local files, scanning system secrets, or posting results to external endpoints other than the MCP (preferred); it does not ask the agent to gather unrelated system context. It mandates strict tool-calling behavior and a specific output structure.
- Install Mechanism
- okNo install spec and no code files — instruction-only skills have minimal on-disk footprint. This is the lowest-risk install model.
- Credentials
- noteThe skill declares no required environment variables or credentials, which is proportionate to an instruction-only skill. However, it expects use of an internal 'lifesciences MCP' service; if that service requires credentials or private endpoints on your platform, those are not declared here. Confirm how MCP access is provided by your agent platform.
- Persistence & Privilege
- okalways:false (default) and disable-model-invocation:false — standard settings. The skill does not request persistent system-wide changes or access to other skills' configs.