Skill v1.0.2

ClawScan security

medical-triage-booking · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 19, 2026, 3:55 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill largely matches its stated triage/booking purpose, but there are several incoherences and privacy/credential concerns (hard-coded map key, undeclared env var, map-provider mixup, and some workflow steps described in SKILL.md that are not implemented in the scripts).
Guidance
This skill appears to implement symptom triage, hospital/doctor matching, reminder time calculation, and route generation from an internal hospital CSV — that part is coherent. However, consider these points before installing or using:

- Credential handling: The code expects a BAIDU_MAP_AK environment variable but the skill metadata doesn't declare it. Additionally, a Baidu API key is hard-coded in baidu_route_link.py. Hard-coded keys may be leaked or belong to the publisher; avoid using production data with such keys and consider rotating/removing them.
- Privacy of location data: Route/geocoding calls send addresses/coordinates to Baidu's APIs. If you use this feature, confirm you want the agent to transmit user-supplied location or hospital names to external services and verify compliance with local privacy/regulatory requirements.
- Mismatched documentation vs. code: SKILL.md mentions IP-based geolocation and an Amap/jsapi skill, but the bundle does not implement IP lookup nor use Amap. Expect manual steps (ask user for location) or adjust the code/instructions to match. Test the skill in a sandbox to see what it actually does.
- Clinical caution: The tool is an aid only. The references document notes the CSV contains non-clinical 'laboratory' entries, and SKILL.md correctly instructs to avoid presenting diagnoses. Ensure messaging to users includes the explicit disclaimer that this is triage assistance, not medical advice.

Recommendations: review and remove the embedded API key (or replace it with a documented env var), update the skill metadata to declare BAIDU_MAP_AK if required, fix SKILL.md to match actual behavior (or implement IP geolocation if intended), and test network behavior to confirm no unexpected data exfiltration. If you will handle real patient data, validate privacy/legal compliance before enabling outbound map features.
Findings
[hardcoded-api-key-in-code] unexpected: baidu_route_link.py contains a hard-coded BAIDU_MAP_AK default value. A map API key might be required, but embedding a key in source is inappropriate and not declared in the skill metadata.
[outbound-network-calls] expected: Scripts perform outbound HTTP(S) requests to Baidu map APIs to geocode addresses and plan routes. Network calls are expected for route generation but transmit location and query data and thus have privacy implications.

Review Dimensions

Purpose & Capability
note: The code and data (triage script, hospital CSV, reminder and routing helpers) align with the described medical-triage-and-booking purpose. Exceptions: SKILL.md says it will derive location from the user's IP and references an 'amap-jsapi-skill' for generating routes, but the included scripts use Baidu map APIs and do not implement IP geolocation. The mismatch between the claimed map provider (Amap) and the actual implementation (Baidu) is an unexpected inconsistency.
Instruction Scope
note: Runtime instructions are mostly scoped to symptom collection, safety triage, running triage_and_match.py, and calling the reminder and routing scripts. However, SKILL.md instructs the agent to determine user location 'by IP' and to create system reminders when supported; the provided scripts do not implement IP-based geolocation or OS reminder creation (they only compute reminder times and call Baidu APIs). That gives the agent more implied discretion than the code supports.
Install Mechanism
ok: No install spec (instruction-only with bundled scripts) — minimal disk/write surface from the platform perspective. Scripts are included in the bundle and run with python3 as declared; no remote downloads or extraction are present.
Credentials
concern: Registry metadata declares no required env vars, but the scripts expect/accept a BAIDU_MAP_AK environment variable. Worse, baidu_route_link.py embeds a default API key (wK1w1xlWg2Mg6SNLYyLMPl4NuYl9JIf8) in the code. Hard-coded API keys in distributed code are a red flag (possible leaked credential, unexpected outbound calls using someone else's key). The skill will make external requests to map provider APIs (sending hospital names, addresses, and user coordinates) — that is proportionate to routing but sensitive and should be declared.
Persistence & Privilege
ok: The skill is not always-enabled and does not request system-wide persistence or modify other skills. It runs on demand and needs only python3 to execute its scripts.