Trusted — Risk score 5/100
Last scanned: 19 hours ago
adverse-event-narrative
Generate CIOMS-compliant adverse event narratives for Individual Case Safety Reports (ICSR)
Legitimate pharmacovigilance tool that generates CIOMS-compliant adverse event narratives from JSON case data with no malicious behavior detected.
Skill name: adverse-event-narrative
Analysis time: 56.9s
Engine: pi
OK to install
No action required. The skill is safe to use as a text generation tool for regulatory pharmacovigilance workflows.

Security findings: 1

Severity: Low
Finding: Over-declared allowed-tools (category: documentation deception)
SKILL.md declares 'Bash' in allowed-tools but the implementation uses only Python standard library (json, argparse, datetime) with no subprocess, os.system, or any shell execution. The tool is purely a text processor.
allowed-tools: [Read, Write, Bash, Edit]
→ Remove 'Bash' from allowed-tools declaration to accurately reflect that this is a pure text-generation tool with no shell execution capability.
Location: SKILL.md:7
Resource type | Declared permission | Inferred permission | Status | Evidence
File system | WRITE | WRITE | ✓ Consistent | scripts/main.py:240-244 writes output file
File system | READ | READ | ✓ Consistent | scripts/main.py:221-227 reads input JSON
Network access | NONE | NONE | | No network imports or requests in scripts/main.py
Command execution | WRITE | NONE | ✓ Consistent | scripts/main.py uses only Python standard library; no subprocess, os.system, or …
Environment variables | NONE | NONE | | No os.environ access or environment variable reading
Skill invocation | NONE | NONE | | No skill invocation capabilities present
Clipboard | NONE | NONE | | No clipboard access
Browser | NONE | NONE | | No browser/web automation
Database | NONE | NONE | | No database connectivity

Directory structure

8 files · 38.0 KB · 1270 lines
Markdown 5f · 783L Python 1f · 372L JSON 2f · 115L
├─ 📁 references
│ ├─ 📝 CIOMS_I_Guidelines.md Markdown 98L · 3.2 KB
│ ├─ 📝 ICSR_Template.md Markdown 101L · 2.4 KB
│ ├─ 📝 MedDRA_Reference.md Markdown 100L · 2.3 KB
│ ├─ 📝 Quick_Reference.md Markdown 63L · 1.4 KB
│ ├─ 📋 sample_case_001.json JSON 91L · 2.9 KB
│ └─ 📋 sample_case_minimal.json JSON 24L · 599 B
├─ 📁 scripts
│ └─ 🐍 main.py Python 372L · 12.3 KB
└─ 📝 SKILL.md Markdown 421L · 12.9 KB

Security highlights

✓ No network requests or external communication detected
✓ No credential harvesting or environment variable access
✓ No obfuscation techniques (no base64, eval, or atob)
✓ No sensitive file path access (~/.ssh, ~/.aws, .env)
✓ No remote script execution (no curl|bash or wget|sh patterns)
✓ No subprocess or shell command execution in code
✓ Uses only Python standard library with zero external dependencies
✓ Clean, readable code with proper error handling
✓ Legitimate pharmacovigilance use case with regulatory compliance focus
✓ No data exfiltration or C2 communication patterns