ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Faq Generator

v0.1.0

Generates FAQ lists from complex medical policies or protocols. Trigger when user provides medical documents, policies, or protocols and requests FAQ generat...

0· 66·0 current·0 all-time
byAIpoch@aipoch-ai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match the files present: a README-like SKILL.md and a small Python script that claims to generate FAQs. However, SKILL.md documents a CLI with --input/--output/--format flags while the included scripts/main.py does not implement CLI parsing and returns a hardcoded sample result. This mismatch means the shipped code will not behave as the documentation describes.
Instruction Scope
SKILL.md restricts network access and claims read-only filesystem use, and the Python script does not perform network calls or arbitrary file access. However, the skill is intended to process medical documents (which may contain PHI). SKILL.md does not provide concrete guidance for safe handling/redaction of sensitive data, nor does the code actually implement accepting or validating input files. Treat data-sensitivity as a practical risk even though there are no explicit exfiltration instructions.
Install Mechanism
No install spec is provided (instruction-only install), which minimizes installation risk. A small Python script is included but there is no automated download or execute-from-remote step.
Credentials
The skill requests no environment variables, credentials, or config paths—this is proportional. Note that processing medical documents is sensitive; absence of required credentials reduces risk of unexpected cloud access but you should confirm the agent runtime will not send data to external services.
Persistence & Privilege
The skill does not request elevated persistence (always: false) and does not claim to modify other skills or global agent settings.
What to consider before installing
This skill appears to be a draft: the SKILL.md documents a CLI that accepts file paths and options, but the included Python script ignores CLI arguments and returns a hardcoded example FAQ. Before installing or using with real medical documents: 1) Confirm how the agent will execute the script (locally vs remote) and whether any data will leave your environment. 2) Ask the author for a corrected implementation that actually accepts and validates input files and respects the documented parameters. 3) Ensure there are explicit safeguards for handling PHI (redaction, no external API calls, logging controls). 4) Test with non-sensitive dummy documents to verify actual behavior and outputs. If you rely on this for medical advice or patient-facing materials, get a clinical review—this tool does not demonstrate medical-accuracy safeguards as provided.

Like a lobster shell, security has layers — review code before you run it.

latestvk97744dkk2tatgp42aw4ckszj5839m24

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments