openevidence-prod-checklist

Ensures production readiness for OpenEvidence clinical AI deployments with a comprehensive compliance and security checklist.

Install this skill

or

47/100

Security score

The openevidence-prod-checklist skill was audited on May 12, 2026 and we found 13 security issues across 3 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 77

Template literal with variable interpolation in command context

SourceSKILL.md

77	const headers = { Authorization: `Bearer ${apiKey}`, 'Content-Type': 'application/json' };

medium line 80

Template literal with variable interpolation in command context

SourceSKILL.md

80	const ping = await fetch(`${base}/health`, { headers, signal: AbortSignal.timeout(5000) });

medium line 81

Template literal with variable interpolation in command context

SourceSKILL.md

81	console.assert(ping.ok, `API unreachable: ${ping.status}`);

medium line 84

Template literal with variable interpolation in command context

SourceSKILL.md

84	const auth = await fetch(`${base}/me`, { headers });

medium line 89

Template literal with variable interpolation in command context

SourceSKILL.md

89	const query = await fetch(`${base}/query`, {

medium line 95

Template literal with variable interpolation in command context

SourceSKILL.md

95	console.assert(query.ok, `Clinical query failed: ${query.status}`);

medium line 101

Template literal with variable interpolation in command context

SourceSKILL.md

101	await fetch(`${base}/query`, {

medium line 108

Template literal with variable interpolation in command context

SourceSKILL.md

108	console.assert(elapsed < 3000, `Response time ${elapsed}ms exceeds 3s SLA`);

medium line 111

Template literal with variable interpolation in command context

SourceSKILL.md

111	const audit = await fetch(`${base}/audit-log?limit=1`, { headers });

medium line 112

Template literal with variable interpolation in command context

SourceSKILL.md

112	console.assert(audit.ok, `Audit log endpoint failed: ${audit.status}`);

low line 76

Access to .env file

SourceSKILL.md

76	const base = process.env.OPENEVIDENCE_API_URL ?? 'https://api.openevidence.com/v1';

low line 76

External URL reference

SourceSKILL.md

76	const base = process.env.OPENEVIDENCE_API_URL ?? 'https://api.openevidence.com/v1';

low line 127

External URL reference

SourceSKILL.md

127	- [OpenEvidence Platform](https://www.openevidence.com)

Scanned on May 12, 2026

View Security Dashboard

Installation guide →

GitHub Stars 1.5K

Rate this skill

Categorydevelopment

UpdatedMay 13, 2026

claude claude-code cursor frontend design api testing ml-ai-engineer product-manager health-informatics compliance-officer project-manager development product healthcare legal project management

jeremylongshore/claude-code-plugins-plus-skills