Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Salubrista HaH

v1.0.1

Use this skill when the user needs analysis, design, implementation, evaluation, dashboards, decision scenarios, or normative guidance for integrated hospita...

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for felix-antonio-sl/salubrista-hah.

Install the skill "Salubrista HaH" (felix-antonio-sl/salubrista-hah) from ClawHub.
Skill page: https://clawhub.ai/felix-antonio-sl/salubrista-hah
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

openclaw skills install salubrista-hah

ClawHub CLI

npx clawhub@latest install salubrista-hah

Security Scan

VirusTotal: Suspicious

OpenClaw: Suspicious (medium confidence)

Purpose & Capability

The skill name, description and the bundled reference files are coherent with an integrated-hospitalization / Hospital-at-Home (HaH) copilot: the corpus and agent files are directly relevant to the stated purpose. However, some embedded operational instructions (see AGENTS.md) include a hard-coded Authorization: Bearer token and explicit webhook examples to call other agents; those credentials and network-call examples are not explained or declared as required, which is unexpected for a documentation-only skill and not clearly justified by the stated purpose.

[!] Instruction Scope

SKILL.md instructs the agent to read bundled reference files (expected). But some included files (references/agent/AGENTS.md and TOOLS.md) instruct using web_fetch-like hooks to post to internal agent gateways (http://{gateway_host}:{port}/hooks/agent) including a literal Bearer token. The config.json does not expose web_fetch as an allowed tool and does not declare that token as a required credential. The skill thus contains instructions that would cause network calls and credential use that are not declared in the SKILL.md output contract, creating an instruction-scope mismatch and potential exfiltration or unauthorized internal API usage.

Install Mechanism

No install spec and no code files—this is instruction-only. That reduces the risk of arbitrary code being written/executed on the host. There is nothing being downloaded or extracted by the skill itself.

[!] Credentials

The skill declares no required environment variables or credentials, yet AGENTS.md contains a hard-coded Authorization: Bearer token and shows POST examples to internal gateways. Embedding an auth token in documentation without declaring it or explaining its purpose is disproportionate and risky: it suggests a secret could be used by the agent even though the skill did not request or justify such access. There are also references to filesystem paths (/home/node/knowledge/..., /home/node/shared/) that differ from the skill-local references/ paths, which creates ambiguity about what external resources the skill expects to read.

Persistence & Privilege

always:false and user-invocable:true (normal). config.json runtime_capabilities explicitly denies code_execution, workspace_write and agent_deploy (good). However config.json includes sandbox.mode = 'permissive' which may broaden allowed runtime behaviors on some platforms; this is not justified in SKILL.md and is worth verifying with the operator. The skill does reference a federation and shared directories, meaning it expects cross-agent interaction, but it does not declare the required network permissions or credentials.

What to consider before installing

This skill appears to be a coherent HaH/hospitalization copilot that bundles a large corpus of policy and agent workflow files, which is appropriate for its stated purpose. However:

  1. one of the bundled docs (references/agent/AGENTS.md) contains an explicit Authorization: Bearer <token> and example webhooks to other agent gateways — that looks like a secret and a network-calling instruction embedded in the corpus and is not declared anywhere else;
  2. the instructions reference a web_fetch-style call that is not listed among allowed tools in config.json (mismatch);
  3. file path mappings in TOOLS.md point to /home/node/knowledge/..., whereas SKILL.md/manifest present files under references/ — clarify whether the corpus is platform-mounted or being read from the skill bundle.

Before installing or enabling this skill you should:

  • Ask the publisher to remove any hard-coded credentials from bundled documentation (or explain why the token is safe and necessary).
  • Confirm which runtime tools the agent is allowed to use (can it make HTTP POSTs/webhooks?) and whether web_fetch is actually available.
  • Verify the meaning and safety implications of sandbox.mode = 'permissive' on your platform.
  • If the skill must call other internal agents, request that those credentials be supplied via properly-scoped environment variables or an operator-controlled secret store (not embedded in docs) and that the skill declare them in requires.env.
  • Consider running the skill in a constrained environment or with network access disabled until the above are resolved.

If you want, I can produce a short checklist of questions to send to the skill author or sample text requesting removal of embedded secrets and clarification of expected network behavior.

latest vk971h6r29t5mga630wkxysvdm583ndd7
101 downloads
0 stars
2 versions
Updated 1mo ago
v1.0.1
MIT-0

salubrista-hah

This skill packages the complete original files from:

  • AGENTS/salud/salubrista-hah
  • KNOWLEDGE/salud/hodom

inside this skill under references/, without distilling them.

Use the bundled originals directly:

  • agent files live in references/agent/
  • knowledge files live in references/knowledge/hodom/

Use it for:

  • integrated hospitalization systems
  • hospital -> transition -> home care trajectories
  • bed management, LOS, delayed discharges, re-admissions, rescue logic
  • hospital-at-home / hospitalizacion domiciliaria operations
  • Chilean HD regulation, compliance, and Director Tecnico questions
  • implementation plans, audits, dashboards, bottleneck maps, continuity risk maps

Do not use it for:

  • definitive individual clinical diagnosis
  • direct medication prescription
  • treating hospital and home as isolated silos
  • topics outside public health and hospitalization systems

Workflow

  1. Classify the request on three axes before answering:
    • scale: unidad | establecimiento | red | territorio | nacional | multi | na
    • dominant modality: hospital | domicilio | transicion | integrada | na
    • dominant intent: hospital_analysis | hospital_design | hah | implementation | evaluation | vigilance | product | report | clarify
  2. If scale, modality, or requested product is unclear, ask the minimum clarifying question.
  3. Read the bundled source files directly, only as needed:
    • for Chilean regulation, eligibility, compliance, Director Tecnico, required records, staffing, infrastructure, and protocols:
      • references/knowledge/hodom/normativa/01-reglamento-hodom-ds1-2022.md
      • references/knowledge/hodom/normativa/02-decreto-exento-31-2024-aprueba-norma-tecnica.md
      • references/knowledge/hodom/normativa/03-norma-tecnica-hodom-2024.md
      • references/knowledge/hodom/director/01-manual-direccion-tecnica.md
    • for Hospital at Home operating model, continuity, command center, RPM, logistics, staffing, barriers, safety, and international evidence:
      • references/knowledge/hodom/director/02-manual-alta-complejidad.md
      • references/knowledge/hodom/corpus-hah-completo.md
    • for Chile 2024-2026 context, production, financing, territorial gaps, and KPI design:
      • references/knowledge/hodom/director/03-situacion-chile-2026.md
  4. Use the bundled original salubrista-hah agent files when you need the canonical workflow or routing logic:
    • references/agent/AGENTS.md
    • references/agent/SOUL.md
    • references/agent/TOOLS.md
    • references/agent/config.json
    • references/agent/skills/CM-INTENT-HOSPITALIZATION.md
    • references/agent/skills/CM-CLARIFIER.md
    • references/agent/skills/CM-HAH-SPECIALIST.md
    • references/agent/skills/CM-HOSPITAL-SYSTEM-ANALYST.md
    • references/agent/skills/CM-IMPLEMENTATION-PLANNER.md
    • references/agent/skills/CM-EPI-VIGILANCE.md
    • references/agent/skills/CM-QUALITY-AUDITOR.md
    • references/agent/skills/CM-PRODUCT-BUILDER.md
    • references/agent/skills/CM-REPORT-BUILDER.md
  5. Treat hospitalization as a continuum:
    • admission
    • inpatient stay
    • transition
    • home episode
    • rescue / re-entry
    • closure
  6. Never recommend HD as indiscriminate decompression. Justify modality by safety, complexity, stability, caregiver/environment, and operational capacity.
  7. If the question depends on exact current legal validity or recently changed policy, say that the bundled original corpus is the baseline and that its current validity should be externally verified.
  8. If the user asks for intrahospital detail not supported by the bundled original material, state that limit explicitly instead of inventing detail.

Routing shorthand

  • hospital_analysis: beds, LOS, delayed discharge, re-admissions, rescue, bottlenecks, pressure on capacity
  • hospital_design: trajectories, transition units, hospital-to-home models, governance, criteria
  • hah: HD eligibility, operations, Director Tecnico, continuity hospital-domicilio, HD regulation, HaH evidence
  • implementation: pilot, scale-up, coordination model, staffing, change management
  • evaluation: performance review, audit, compliance review, quality improvement, KPI review
  • vigilance: outbreak, IAAS, RAM, surge, events threatening capacity or continuity
  • product: dashboard, continuity risk map, bottleneck map, policy brief, decision scenarios
  • report: formal memo, technical report, redesign brief, implementation report, evaluation report

Output contract

Always include:

  • a brief synthesis first
  • explicit scale and dominant modality
  • the main system reading
  • options or recommendation
  • assumptions and local data gaps
  • continuity and safety risks
  • implementation or monitoring path when relevant
  • normative or evidence trace when relevant
  • a reminder that this supports, but does not replace, human leadership

Product modes

When the user asks for a structured artifact, convert the analysis into one of these:

  • hospitalization_dashboard
  • continuity_risk_map
  • capacity_bottleneck_map
  • policy_brief
  • decision_scenarios

Use KPI tables in this format when relevant:

Indicador | Formula | Meta | Fuente | Periodicidad

Guardrails

  • Respect local context only when it was provided.
  • Do not fabricate hospital, unit, or territorial details.
  • If you advance with assumptions, label them as assumptions.
  • Keep synthesis first; detail on demand.
  • Do not summarize the bundled corpus into new local reference files; use the packaged originals directly.
