Back to skill
Skillv0.1.0
ClawScan security
Patsnap Lifescience Precision Oncology · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 29, 2026, 2:09 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's instructions, claimed capabilities, and requested footprint are internally consistent for a precision-oncology research assistant; it asks for no credentials, has no installers, and does not attempt to access unrelated system data.
- Guidance
- This skill appears coherent: it is an instruction-only precision-oncology assistant that expects platform-provided MCP data tools. Before installing, confirm the host platform actually provides the named ls_* MCP tools and that any credentials those tools need are managed by the platform (the skill itself doesn't request keys). Important operational cautions: do not treat outputs as clinical advice without expert validation and institutional approval; verify data provenance, licensing, and currency of sources (patents, trials, and clinical guidance change frequently); and ensure you are not sending protected patient data into the skill. If you need the skill to run against private datasets, verify how the platform authenticates and logs tool calls and whether that meets your privacy/compliance requirements.
Review Dimensions
- Purpose & Capability
- okThe name and description (precision oncology, literature/patent/clinical trial synthesis) match the SKILL.md which lists literature, patent, trial, drug, and company data sources and analysis paths. There are no unrelated requirements (no cloud keys, no unrelated binaries).
- Instruction Scope
- noteThe SKILL.md is prescriptive about how to retrieve data (Search→Fetch pattern, strict adherence to MCP tool parameters, preferential use of an MCP service). It instructs the agent to call many domain-specific tools (ls_paper_search, ls_clinical_trial_fetch, etc.). The instructions do not request reading local files, environment variables, or sending data to unexpected endpoints, but they do assume platform-provided MCP tools exist and will return data to be fetched.
- Install Mechanism
- okInstruction-only skill with no install spec and no code files. No downloads, no archives, and no binaries required.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. It references many data-retrieval tools, which is proportionate to its stated purpose; however, those tools will likely require platform-side credentials (not requested by the skill) — that's an implementation detail of the host platform, not an incoherence in the skill itself.
- Persistence & Privilege
- okalways is false and the skill has no install/runtime hooks. It does not request persistent presence or modification of other skills or system-wide agent settings.