Dental Clinic Assistant
v1.0.0Assistente WhatsApp para clinicas odontologicas. Agenda consultas, envia lembretes, faz triagem, coleta dados de novos pacientes, responde FAQs, pede reviews...
⭐ 0· 181·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name and description (WhatsApp dental assistant: scheduling, reminders, FAQs, handoff) match the SKILL.md and JSON templates. The skill expects Google Calendar and WhatsApp integration (described in README and config), which is appropriate for scheduling/reminders. Minor note: the skill references storing Google service-account credentials at config/google-calendar-credentials.json and uses a calendar_id placeholder even though the skill metadata declares no required env vars — the credential requirement is implicit in the config files rather than declared explicitly.
Instruction Scope
The SKILL.md flows stay within the assistant's purpose (greeting, scheduling, reminders, rescheduling, FAQ, handoff). It instructs creation of Google Calendar events and notifying staff via configured alert channels. Two issues to review: (1) SKILL.md's core rule 'NEVER diagnose' is slightly inconsistent with the emergency example that recommends ibuprofen and gives first-aid steps (this is triage-like advice and should be explicitly allowed or removed); (2) the skill expects credentials/config files to be placed in repo paths (e.g., ./config/google-calendar-credentials.json) — the instructions do not explain secure handling of these secrets or where WhatsApp/Platform credentials are stored, which is a documentation gap.
Install Mechanism
Instruction-only skill with no install spec and no code files. Nothing is written to disk by the skill itself. This is low-risk from an installation perspective.
Credentials
The skill declares no required environment variables, which matches the registry metadata. However, it clearly requires external credentials in practice: Google Calendar service-account JSON (path referenced in config) and a WhatsApp Business connection via the platform. Those secrets are handled out-of-band (user places credential JSON and scans WhatsApp QR) but the skill does not declare or require environment variables for them — this implicit credential handling is reasonable for an instruction-only skill but should be made explicit to the clinic operator so they don't accidentally commit secrets or misconfigure access. Also check that the calendar_id and any API keys are replaced and not left with placeholders.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request permanent platform privileges or modify other skills. As an instruction-only skill it does not persist code or install daemons. This is proportionate.
Assessment
This skill appears to do what it says (WhatsApp scheduling, reminders, FAQs), but review a few items before deploying: 1) Do not store service-account JSON or other secrets in a public repo — place credentials in a secure location and restrict access; the config references ./config/google-calendar-credentials.json so ensure that file is created securely and excluded from version control. 2) Confirm how WhatsApp Business credentials are provisioned by your hosting/agent provider and where staff alert channels are configured; the skill assumes those integrations exist but doesn't declare environment variables. 3) Review the emergency/triage text: SKILL.md forbids diagnoses but the emergency example suggests medications (ibuprofen) and first-aid steps — decide whether this is acceptable for your clinic/legal context and adjust wording to match your compliance policy. 4) Replace all 'YOUR_' placeholders (calendar_id, google place id, etc.) before going live. 5) Verify HIPAA/data-retention procedures with your hosting provider — the skill stores patient name/phone/email in calendar event descriptions which may have privacy implications. If you need a stricter setup, require encryption at rest, audit logs, and least-privilege service accounts. If you want, I can suggest exact edits to the config and SKILL.md to make credential handling and emergency guidance explicit and safer.Like a lobster shell, security has layers — review code before you run it.
automationvk978tn6bf40mn36aszdcjfctg182swyjbilingualvk978tn6bf40mn36aszdcjfctg182swyjdentalvk978tn6bf40mn36aszdcjfctg182swyjhealthcarevk978tn6bf40mn36aszdcjfctg182swyjlatestvk978tn6bf40mn36aszdcjfctg182swyjschedulingvk978tn6bf40mn36aszdcjfctg182swyjwhatsappvk978tn6bf40mn36aszdcjfctg182swyj
License
MIT-0
Free to use, modify, and redistribute. No attribution required.