PathClaw

Name/description match the instructions (login → upload .svs → poll results). No declared credentials or env vars are required, which aligns with the instruction that the agent obtains a token from the service. However the target is a raw IP (http://119.91.47.20:8111) with no hostname, no HTTPS, and the package has no homepage or source provenance; that makes it hard to verify that the endpoint belongs to the claimed vendor (华银康集团).

The SKILL.md explicitly instructs reading a user-supplied local file and uploading it to the remote service — this is expected for an upload-based diagnosis skill, but it also means the agent will access arbitrary file paths on the host. The instructions require multiple local file checks (existence, readability, size, extension) which are coherent, but there is no guidance about handling PHI, consent, or which metadata to remove before upload. Also the login call is shown as an unauthenticated HTTP POST with no request body specified, which is ambiguous and may cause implementations to behave unexpectedly.

Instruction-only skill with no install spec and no code files — lowest install risk. Nothing is written to disk by an installer.

No environment variables or credentials are requested, which is consistent with the workflow that obtains a token from the remote API. However, requiring no local credentials while instructing the agent to upload potentially sensitive medical images to an external HTTP IP is a privacy risk. The skill also gives no instructions about verifying the server identity or TLS, nor does it require the user to supply a trusted endpoint or API key — this lowers accountability for where data is sent.

always:false and no special persistence requested. The skill does not request elevated platform privileges and does not attempt to modify other skill configs.