er Security Report — Trusted | ClawSafe

0 /100

AI4L Evidence Review Toolkit — generates and QA-audits health/longevity evidence reviews

The AI4L Evidence Review Toolkit is a purely document-generation and QA auditing skill with no executable code, no shell access, no sensitive file access, and no network exfiltration capability. All declared capabilities are appropriate for its stated purpose.

Skill Nameer

Duration27.6s

Enginepi

✓

Safe to install

This skill is safe to use as-is. No security restrictions or modifications are needed.

Resource	Declared	Inferred	Status	Evidence
Filesystem	`WRITE`	`WRITE`	✓ Aligned	SKILL.md: 'All generated results go in ./results/'
Filesystem	`READ`	`READ`	✓ Aligned	SKILL.md: targets AI4L.md, CLAUDE.md, README.md, etc.
Network	`READ`	`READ`	✓ Aligned	AI4L.md auditor instructions require PubMed lookups and URL verification
Shell	`NONE`	`NONE`	—	No shell or subprocess usage declared or inferred
Environment	`NONE`	`NONE`	—	No environment variable access detected
Database	`NONE`	`NONE`	—	No database access declared or inferred
Clipboard	`NONE`	`NONE`	—	No clipboard access detected
Browser	`NONE`	`NONE`	—	No browser automation detected

4 findings

🔗

Medium External URL 外部 URL

https://forever-healthy.org

AI4L.md:1

🔗

Medium External URL 外部 URL

https://img.shields.io/badge/version-2026.03.19.1-green.svg

AI4L.md:5

🔗

Medium External URL 外部 URL

https://pubmed.ncbi.nlm.nih.gov/PMID/

AI4L.md:288

🔗

Medium External URL 外部 URL

https://clinicaltrials.gov/study/\

AI4L.md:665

File Tree

2 files · 44.3 KB · 923 lines

Markdown 2f · 923L

├─ 📝 AI4L.md Markdown 712L · 37.3 KB

└─ 📝 SKILL.md Markdown 211L · 7.0 KB

Security Positives

✓ No executable code — skill is pure Markdown documentation with zero scripts or binaries

✓ All declared capabilities (read AI4L.md, write to ./results/) are appropriate and minimal for the task

✓ No shell, subprocess, or command execution capabilities declared or present

✓ No credential harvesting, environment variable enumeration, or sensitive path access

✓ No obfuscation techniques (base64, eval, atob) detected

✓ No supply chain risk — no dependencies, requirements.txt, package.json, or Cargo.toml

✓ Network access is limited to legitimate evidence-audit-related searches (PubMed, clinicaltrials.gov, expert sources)

✓ No data exfiltration — skill only generates documents locally in ./results/

✓ Open-source tool by a known health foundation (Forever Healthy Foundation)

✓ Well-structured, explicit documentation with clear operational boundaries

Scan Report

File Tree

Security Positives