fhir-developer-skill

Guides developers in creating and validating FHIR REST endpoints for healthcare applications, ensuring compliance with standards.

Install this skill

83/100

Security score

The fhir-developer-skill skill was audited on Feb 12, 2026 and we found 13 security issues across 2 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 138

Template literal with variable interpolation in command context

SourceSKILL.md

138	.json(operationOutcome('error', 'value', `Invalid status '${req.body.status}'`));

low line 161

External URL reference

SourceSKILL.md

161	\| LOINC \| `http://loinc.org` \|

low line 162

External URL reference

SourceSKILL.md

162	\| SNOMED CT \| `http://snomed.info/sct` \|

low line 163

External URL reference

SourceSKILL.md

163	\| RxNorm \| `http://www.nlm.nih.gov/research/umls/rxnorm` \|

low line 164

External URL reference

SourceSKILL.md

164	\| ICD-10 \| `http://hl7.org/fhir/sid/icd-10` \|

low line 165

External URL reference

SourceSKILL.md

165	\| v3-ActCode \| `http://terminology.hl7.org/CodeSystem/v3-ActCode` \|

low line 166

External URL reference

SourceSKILL.md

166	\| Observation Category \| `http://terminology.hl7.org/CodeSystem/observation-category` \|

low line 167

External URL reference

SourceSKILL.md

167	\| Condition Clinical \| `http://terminology.hl7.org/CodeSystem/condition-clinical` \|

low line 168

External URL reference

SourceSKILL.md

168	\| Condition Ver Status \| `http://terminology.hl7.org/CodeSystem/condition-ver-status` \|

low line 187

External URL reference

SourceSKILL.md

187	{"system": "http://terminology.hl7.org/CodeSystem/v3-ActCode", "code": "AMB"}

low line 192

External URL reference

SourceSKILL.md

192	{"coding": [{"system": "http://loinc.org", "code": "8480-6"}], "text": "Systolic BP"}

low line 202

External URL reference

SourceSKILL.md

202	{"system": "http://hospital.example.org/mrn", "value": "12345"}

low line 256

External URL reference

SourceSKILL.md

256	- Client sends: `If-None-Exist: identifier=http://mrn\|12345`

Scanned on Feb 12, 2026

View Security Dashboard

Installation guide →

GitHub Stars 55

Rate this skill

Categorydevelopment

UpdatedMay 21, 2026

openclaw api backend backend-developer data-engineer development

NeverSight/skills_feed