Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Medication Adherence Message Gen

v1.0.0

Use medication adherence message gen for academic writing workflows that need structured execution, explicit assumptions, and clear output boundaries.

by AIpoch @aipoch-ai
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description, the included scripts/main.py, and the templates all align: the package generates medication-adherence reminder messages using behavioral principles. No unrelated credentials, binaries, or installs are requested.
Instruction Scope
SKILL.md instructs the agent to run the packaged script and keep outputs bounded (expected), but the pre-scan flagged 'unicode-control-chars' inside SKILL.md which can be used for hidden instructions/prompt injection. The document otherwise does not request unrelated files or credentials, but the hidden-character finding warrants manual review of SKILL.md for any concealed directives.
Install Mechanism
No install spec is provided (instruction-only plus a packaged script). That lowers risk—nothing is downloaded from external URLs and no packages are auto-installed by the skill itself. requirements.txt lists only dataclasses and enum (benign).
Credentials
The skill requests no environment variables or credentials (good), but it naturally handles sensitive user data (patient name, medication, dosage). Treat PII as sensitive: confirm the skill will not transmit data externally and consider redaction or running in a sandbox when testing.
Persistence & Privilege
always:false and no special privileges requested. The skill does not declare changes to other skills or system-wide settings. Autonomous invocation is allowed by default (platform behavior) but not in itself a red flag here.
Scan Findings in Context
[unicode-control-chars] unexpected: SKILL.md contains unicode control characters that can hide or alter instruction text; this is not necessary for a benign packaging of message templates and may indicate an attempt to influence agent behavior covertly. Manual inspection of SKILL.md for hidden characters is recommended.
What to consider before installing
This package appears to do what it says (generate medication reminder messages) and does not request external credentials — but proceed cautiously. Before installing or running:
(1) open SKILL.md in a text editor that shows invisible/control characters and remove any unexpected glyphs (the pre-scan flagged unicode control chars);
(2) review scripts/main.py for any networking (requests, sockets, urllib, subprocess or os.environ usage) or hidden endpoints;
(3) test the script in an isolated/sandboxed environment with dummy data (no real patient PII);
(4) if you will process real patient data, verify compliance with privacy/regulatory rules and ensure no telemetry or external uploads occur;
(5) if you find network calls or hidden behavior, do not install and report the package.
These checks will reduce the risk of covert prompt instructions or inadvertent data exfiltration.

Like a lobster shell, security has layers — review code before you run it.

latest: vk97ct3ahyt4x5pz2wnnm5dvek183qyr2
