eCRF Designer
v1.0.0
Design clinical trial CRFs with proper validation rules
by AIpoch (@aipoch-ai)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name, description, SKILL.md use-cases, and the included Python script all align: the tool generates CRF templates, prints them, and exports JSON. There are no unrelated binaries, credentials, or installs required.
Instruction Scope
SKILL.md describes only local script execution and file I/O (expected). The Python script writes an output JSON and lists templates; it does not read arbitrary system files or call external endpoints. However, SKILL.md mentions 'Python/R scripts executed locally' while the package only contains a Python script (minor documentation mismatch). Also the security checklist calls for input path validation (no ../ traversal), but main.py does not perform any path sanitization or explicit validation on the output path.
Install Mechanism
No install spec is provided (instruction-only skill) and the only code is a small standalone Python script. Nothing is downloaded from external hosts and nothing will be written to system locations by an installer.
Credentials
No environment variables, credentials, or config paths are requested. This is proportionate for a local CRF generation tool.
Persistence & Privilege
The skill does not request persistent or elevated platform privileges. always is false and there is no behavior that modifies other skills or global agent configuration.
Assessment
This package appears coherent and low-risk for its stated purpose, but take these precautions before installing or running it:
- Inspect the included scripts/main.py (you already have it) and confirm it matches your expectations. It only writes a JSON file and prints to stdout.
- SKILL.md mentions path validation, but the script does not sanitize the output path; avoid running it with untrusted output locations and run it in a workspace/sandbox.
- The documentation references R although only Python code is present—confirm there are no missing components you expect.
- Test with non-sensitive sample data first. If you plan to use real clinical data, run in an isolated environment and ensure your own data-handling controls (encryption, access controls) are applied.
- If you need stricter guarantees, add explicit path validation or modify export_json to enforce an allowed output directory and reject parent-directory traversal.
Like a lobster shell, security has layers — review code before you run it.
