Skill v0.1.0

ClawScan security

Patsnap Lifescience Target Intelligence · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 29, 2026, 3:21 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's instructions match its stated purpose, but it requires many external 'ls_*' data tools and an MCP service without declaring how those tools or any credentials are provided, creating an incoherence that merits caution.
Guidance
This skill appears to be a domain-specific research guide and is internally consistent about what data it wants to gather (patents, literature, drugs, trials). However, it references many platform tools (ls_* names) and a 'lifesciences MCP' service without declaring how those tools or any required credentials are provided. Before installing, confirm: (1) whether your agent runtime already provides the listed ls_* tools and what credentials (API keys, hosts) they require; (2) how the MCP service is authenticated and whether those credentials will be requested or stored; and (3) what policy controls exist for calling 'other sources' so the agent cannot arbitrarily exfiltrate data. If the platform binds these tools and supplies creds separately, the skill is coherent; if not, the missing bindings/credentials are a gap that could cause failures or hidden credential prompts. If you lack those guarantees, treat this skill with caution.

Review Dimensions

Purpose & Capability
note: The name/description (target-focused lifescience intelligence) aligns with the SKILL.md: it explicitly uses patent, literature, drug, target, trial, and company data. Those data types are appropriate for the stated purpose. However, the skill assumes availability of many domain-specific tools (ls_patent_search, ls_paper_search, ls_drug_fetch, ls_target_fetch, etc.) and a 'lifesciences MCP service' without declaring or packaging them, which is a capability/dependency gap.
Instruction Scope
note: The runtime instructions are narrowly scoped to research paths (search→fetch, literature, patents, trials, competitive landscape) and do not instruct reading local files or unrelated environment variables. They do, however, give the agent broad discretion to consult 'other sources' if MCP cannot fulfill requirements, which could lead to arbitrary external data access if not constrained by platform tool bindings.
Install Mechanism
ok: There is no install spec and no code files; this is instruction-only, so nothing will be written to disk by the skill itself. That minimizes installation risk.
Credentials
concern: The SKILL.md explicitly prefers a lifesciences MCP service and enforces calling particular 'ls_*' tools, yet the skill declares no required environment variables, credentials, or tool bindings. If MCP or those tools require API keys or host endpoints, those credentials are not declared here, an incoherence that could either break the skill or hide undeclared credential requirements. The number of data sources expected is large but relevant to the purpose.
Persistence & Privilege
ok: The skill does not request always: true, does not declare system config changes, and is user-invocable only. It does not ask for persistent presence or system-wide privileges.