ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Adverse Event Narrative

v0.1.0

Generate CIOMS-compliant adverse event narratives for Individual Case Safety Reports (ICSR). Creates structured pharmacovigilance documents following CIOMS I...

0· 117·0 current·0 all-time
byAIpoch@aipoch-ai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name, description, reference docs, sample JSON, and the included Python script align with a narrative generator for ICSR/CIOMS purposes. However the SKILL.md examples show usage of scripts.narrative_generator.NarrativeGenerator while the repository contains scripts/main.py defining CIOMSNarrativeGenerator — a documentation/code mismatch that could confuse integrators or indicate outdated docs.
Instruction Scope
SKILL.md instructs only on narrative generation, timeline and causality analysis, and running the included script. It does not instruct reading unrelated system paths or requesting credentials. The allowed-tools line includes Bash/Edit/Read/Write (so the agent may run the script or edit files), which is reasonable for a file-based generator but means you should ensure the agent's execution environment is sandboxed before running with sensitive data.
Install Mechanism
No install spec (instruction-only plus a bundled script). No downloads or external package installs are declared. The included Python script uses only stdlib imports in the available excerpt, so install risk is low — but verify the full script for third-party/network imports.
Credentials
The skill declares no required environment variables, credentials, or config paths, which is proportional for a local narrative generator. There are no declared secrets or external service tokens required.
Persistence & Privilege
always:false and the skill is user-invocable; it does not request permanent inclusion or cross-skill config modification. Normal autonomous invocation remains possible (platform default) but is not combined with other high-risk factors here.
What to consider before installing
This skill appears to do what it claims (generate CIOMS/ICSR narratives) and is bundled as a local Python script with reference docs and samples. Before installing/using it with real case data: 1) Verify the code: confirm scripts/main.py is complete and search it for network calls (requests, urllib, socket), subprocess/os.system calls, or any code that reads files outside the supplied inputs. 2) Confirm the documentation mismatch (SKILL.md references scripts.narrative_generator.NarrativeGenerator while the package provides CIOMSNarrativeGenerator in scripts/main.py) — update usage examples or ensure the expected module exists. 3) Run the tool in an isolated sandbox with non‑PHI test data to check behavior and outputs. 4) Ensure narratives produced do not accidentally include patient identifiers (PHI) — the docs say to exclude identifiers but the script may not enforce it. 5) If you will integrate this into automated pipelines, audit for any commands that would allow arbitrary shell execution (allowed-tools includes Bash), and restrict execution privileges or sandbox the agent. If you want higher assurance, ask the author for a full code review or a signed provenance/source repository (homepage/owner info is missing).

Like a lobster shell, security has layers — review code before you run it.

latestvk97f5jzeq4hqc2jsfp15k662g5835zcc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments