Back to skill
Skillv2.1.0
ClawScan security
Nexus Clinical Case Gen · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousApr 22, 2026, 6:24 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's claimed capabilities (PubMed RAG, department-specific engines, cross-validation) don't match the instruction bundle: it's high-level and gives the agent broad, vague discretion without declaring needed credentials, data sources, or concrete retrieval steps.
- Guidance
- Before installing, get concrete answers from the developer: 1) Exactly how does 'PubMed RAG' work here — which endpoints, libraries, or APIs will the agent call, and do they need API keys? 2) What are 'department-specific engines' and will the skill ever connect to internal/EHR systems or require credentials? 3) Where do citations come from and how is source provenance enforced? 4) Will the agent ever send or store patient-identifiable data (PHI)? If you can't get clear answers, run the skill in a restricted sandbox with network and file-access limits, and avoid providing any clinical or patient data. Finally, verify the publisher/source code and license before using the skill for education or clinical decision support; treat outputs as advisory and have clinical review in place.
Review Dimensions
- Purpose & Capability
- concernThe name/description promise PubMed RAG integration, department-specific engines, and cross-validation, but the skill declares no required env vars, no retrieval instructions, and no binaries. A RAG integration normally needs explicit data-source endpoints, retrieval instructions, or API keys; 'department-specific engines' is undefined. This mismatch suggests the declared capabilities are not supported by the runtime instructions.
- Instruction Scope
- concernSKILL.md is high-level and vague: it tells the agent to 'analyze using department-specific engines' and to 'cross-validate with synergy departments' but does not say how to fetch PubMed citations or which services to contact. That vagueness grants the agent broad discretion to access external systems or fetch data, which could lead to unexpected data access (including sensitive clinical systems) if the agent is allowed to act autonomously.
- Install Mechanism
- okThis is an instruction-only skill with no install spec and no code files. That minimizes on-disk installation risk — nothing is downloaded or written by the skill package itself.
- Credentials
- noteThe skill requests no environment variables or credentials, but its stated features (PubMed RAG, department engines, cross-validation) usually require network access and sometimes API keys or system credentials. The absence of declared credentials is unexpected and unexplained; it's unclear how the skill expects to access external sources.
- Persistence & Privilege
- okalways is false and default autonomy settings apply. The skill does not request persistent presence or to modify other skills. Autonomous invocation is allowed by default but is not, by itself, a new red flag here.