Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
TCM Clinic Management System (中医诊所管理系统)
v1.0.0 Traditional Chinese Medicine clinic management tool supporting patient files, medical records, prescription management, Chinese herbal medicine inventory, appointment scheduling and financial statistics; data is stored in Excel.
⭐ 0 · 78 · 0 current · 0 all-time
by Phal studio (@slamw)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
Name/description, SKILL.md and the included Python script are coherent: a one‑person TCM clinic manager storing data as Excel files. However SKILL.md and README expect python3 plus Python packages (openpyxl, reportlab) but the skill's declared requirements list no required binary or runtime; that mismatch should be resolved (agent or user must provide Python). Allowed-tools (bash, read_file, write_to_file, search_content) are reasonable for a file‑based app but give the agent the ability to access files outside clinic_data if misused.
Instruction Scope
Runtime instructions limit operations to initializing and manipulating files under clinic_data/ and invoking the included script. They do not instruct network calls or credential access. However SKILL.md includes allowed-tools that permit arbitrary file reads/writes/searches; combined with the pre-scan finding of unicode control characters in SKILL.md (possible prompt‑injection pattern), this warrants caution — verify SKILL.md and the full script for any hidden instructions or unexpected behavior before granting file access.
Install Mechanism
No install spec: this is instruction+script only, so nothing is downloaded or executed automatically. README suggests installing Python packages via pip (openpyxl, reportlab). That manual dependency install is expected; there are no remote downloads or obscure installers in the provided manifest.
Credentials
The skill declares no environment variables or credentials, which is appropriate. It does require filesystem access to create/read/write clinic_data/*.xlsx — reasonable for the purpose. Still, the allowed agent tools (read_file, write_to_file, search_content) enable reading arbitrary files on the host; ensure the agent is only given the minimal workspace and not broad filesystem access if you have sensitive data on the host.
Persistence & Privilege
The always flag is false and the skill does not request system-wide configuration changes. The script writes local Excel files in the working directory, which is normal for a data management tool. There is no evidence in the provided files of it modifying other skills or agent configuration.
Scan Findings in Context
[unicode-control-chars] unexpected: Unicode control characters were detected inside SKILL.md. These can be used in prompt‑injection attacks (e.g., to obfuscate or break parsing). This is not expected for a normal README/instructions file and should be inspected and removed or explained by the author.
What to consider before installing
What to check before installing:
1) Inspect the full scripts/clinic_manager.py for any network calls, hidden endpoints, or code that reads system files beyond clinic_data. The repo preview was truncated, so review the entire script.
2) Remove or examine any suspicious Unicode control characters in SKILL.md (they can hide instructions or alter parsers).
3) Ensure you have an isolated Python environment (python3) and install only the needed packages (openpyxl, reportlab) in a virtualenv.
4) Run the tool in a sandbox or test directory (not your home directory) so it only creates clinic_data/ there.
5) Because the agent is allowed read_file/write_to_file/search_content, limit the agent's filesystem permissions to the skill workspace to prevent accidental exposure of unrelated files.
6) If you expect PDF exports to be sent to external services (WeChat), confirm there is no automatic network send implemented; implement sending manually if needed.
If you cannot inspect the full code or remove the Unicode control characters, treat this as higher risk and avoid installing on sensitive systems.
Like a lobster shell, security has layers: review code before you run it.
latest: vk97drh1k6x7s17s8xdhmt1vttn84h892
