ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

医生工作台助手 (Agentic AI 科研平台)

v0.1.0

医生工作台助手。整理患者基本信息、关键时间线、检验趋势、待办事项并生成随访任务草稿。当用户以医生身份查询患者情况或需要随访建议时触发。

0· 67·0 current·0 all-time
by@emergenceronearth
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill claims to summarize patient records and generate follow-up tasks, which legitimately requires reading patient data. However, the SKILL.md hardcodes a specific filesystem path (/home/ubuntu/workspace/demo/mock_data/doctor_demo.json) and localhost reporting endpoint (http://localhost:5001) while the skill metadata declares no required config paths, endpoints, or credentials. The metadata and instructions are not aligned.
!
Instruction Scope
Runtime instructions instruct the agent to: 1) POST status messages to localhost:5001, and 2) read a local JSON file containing patient data and present de-identified info. These steps access potentially sensitive PHI and an external (local) endpoint. The SKILL.md does not define how de-identification is performed, how to validate the file, nor any limits on what else may be read; it also lacks guidance about consent, logging, or secure handling.
Install Mechanism
This is an instruction-only skill with no install spec or bundled code, so no files are written or third-party packages installed by the skill itself.
!
Credentials
The skill requests no environment variables or credentials, yet its instructions require filesystem access to a specific path and the ability to call a local HTTP service. Those resource requirements are not declared; reading patient data is sensitive and should be justified and scoped via explicit config (e.g., declared config paths or env vars for data location and report endpoint).
Persistence & Privilege
The skill is not always-enabled and does not request elevated persistence. It is user-invocable and can run autonomously per platform defaults — not itself a red flag, but combine with the other concerns about data access.
What to consider before installing
Before installing, confirm where the skill will read patient data and where it will send reports. The SKILL.md hardcodes /home/ubuntu/workspace/demo/mock_data/doctor_demo.json and posts to http://localhost:5001 but the skill metadata does not declare these paths/endpoints. Ask the publisher to (1) declare required config paths or environment variables for the data file and reporting endpoint, (2) explain and enforce de-identification and logging/consent controls for PHI, and (3) provide a configurable/reporting endpoint rather than a hardcoded localhost URL. Only install if you trust the local report service, the data source, and if you have organizational approval to let an agent read patient records. If you cannot verify those, treat this skill as risky and do not enable it for real patient data.

Like a lobster shell, security has layers — review code before you run it.

latestvk9774hmdj8y301svba228r666n83pnab

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments