Skill v1.0.1
ClawScan security
TCM Clinic - English Edition · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 29, 2026, 9:19 AM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's files, runtime instructions, and requirements are consistent with a local TCM clinic management tool that stores data in Excel files and requires only python3 + openpyxl; no network calls or unrelated credentials are requested, but a prompt-injection marker was detected in the SKILL.md and you should review hidden characters and the full script before installing for production/patient data.
- Guidance
- This skill appears internally consistent for local clinic management: it uses Python + openpyxl, stores data as .xlsx files in a clinic_data/ directory, and exposes a CLI script that matches the documented commands. Before installing or running it with real patient data: 1) inspect the full SKILL.md and scripts/clinic_manager.py for any hidden/control characters (the pre-scan flagged unicode-control-chars) or unexpected network/subprocess calls; 2) run the tool in an isolated directory (not your home) to confirm it only creates clinic_data/ and does not write elsewhere; 3) review the full script for any code paths that call subprocess, open network sockets, or reference external URLs (none were visible in the provided snippets, but confirm the truncated portions); 4) ensure compliance with patient-data policies — Excel files are stored unencrypted by default, so consider disk encryption, backups, or adapting storage to a secure database if needed; and 5) if you lack the ability to audit the code, consider running it in a sandboxed environment or requesting a signed/verified release from a known source before use.
- Findings
[unicode-control-chars] unexpected: SKILL.md contained unicode control characters. This is not expected for a simple CLI documentation file — such characters can be used to obfuscate or inject content. It may be benign (formatting artifacts) but should be inspected and removed before trusting the skill with sensitive data.
Review Dimensions
- Purpose & Capability
- ok: Name/description match the included artifacts: the SKILL.md documents patient records, charts, inventory, appointments, and finance workflows and the bundled script implements Excel-based data storage and CLI commands. Declared dependency (python3 + openpyxl) is appropriate for manipulating .xlsx files.
- Instruction Scope
- note: Runtime instructions are scoped to running the provided CLI script (python3 SKILL_DIR/scripts/clinic_manager.py <module> <action>) and operating on a local clinic_data/ directory. They do not request reading unrelated system files or external endpoints. However, a pre-scan flagged unicode-control-chars in SKILL.md (possible prompt-injection/obfuscation); review SKILL.md for hidden control characters that could hide instructions or alter display.
- Install Mechanism
- ok: There is no install spec (instruction-only plus included script). No remote downloads or archive extraction are used. The only install step is installing Python dependency openpyxl (pip), which is proportionate.
- Credentials
- ok: The skill does not request environment variables, credentials, or config paths. All data operations are local file reads/writes under clinic_data/, which is appropriate for the claimed purpose.
- Persistence & Privilege
- ok: The skill is not marked always:true and does not request elevated platform presence. It creates/uses clinic_data/ in the current working directory only and does not modify other skills or global agent configuration.
