Skillv1.0.0

ClawScan security

AI医学报告解读助手 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 22, 2026, 7:43 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's stated purpose (PDF medical report parsing + literature lookup + optional public posting) is plausible, but the instructions omit important privacy/consent and data-handling safeguards and reference external search/publishing without explaining redaction or credential use — this mismatch could lead to unintended exposure of sensitive health data.
Guidance: This skill does what it claims (parse medical PDFs, summarize, search literature, render cards) but it omits critical privacy and consent steps. Before installing or using it: (1) confirm how uploaded PDFs and extracted text are stored, transmitted, and retained; (2) require explicit user consent/confirmation before any external queries that include personal health details and before publishing to public platforms; (3) verify which external skills/services (brave-search, card-renderer, publishing connectors) will receive data and review their privacy/security policies; (4) prefer local/anonymized processing or redaction of names/IDs before any network calls; (5) test the workflow with synthetic/non-sensitive reports first; and (6) consider disabling autonomous invocation or restricting publishing steps to manual approval to avoid accidental leakage of PHI. If you operate under health-data regulations (e.g., HIPAA, GDPR), ensure compliance before use.

Review Dimensions

Purpose & Capability: noteThe name/description match the workflow: extracting PDF text, identifying lab indicators, searching literature, rendering cards, and optionally publishing. Referencing nano-pdf, brave-search, and card-renderer is coherent for the declared tasks. However, the skill also describes publishing to public platforms (公众号/小红书) but does not require or document credentials or confirmation steps for publishing; that omission is noteworthy.
Instruction Scope: concernSKILL.md instructs extracting full report text and using search to query literature about abnormal indicators, and optionally publishing report-derived content. It does not instruct redaction/anonymization of personal data before external queries or publication, nor does it require explicit user confirmation before posting to public platforms. That broad data handling (sending potentially identifiable medical content to external search/publish endpoints) is out-of-band for a simple 'read-and-summarize' description unless explicit privacy safeguards are added.
Install Mechanism: okInstruction-only skill with no install spec and no code files — minimal filesystem/install risk. No downloads or binaries are requested by the skill itself.
Credentials: noteNo environment variables or credentials are declared. Yet optional publishing features will inherently require credentials for external platforms (not declared). The lack of declared credentials is inconsistent with the publishing capability and makes it unclear how authentication/consent is expected to be handled.
Persistence & Privilege: okalways is false and autonomous invocation is allowed (platform default). Autonomous invocation combined with data-exfiltration vectors (external search and publishing) increases risk, but autonomy alone is not a fault of the skill.