Skip to main content

/

/

Stats

Actions

Tags

Stats

Actions

Tags

ClaudePluginHub

Community directory for discovering and installing Claude Code plugins.

Find plugins for your project

AI-powered recommendations based on your stack.

Product

Browse Plugins
Marketplaces
Pricing
About
Contact

Resources

Learning Center
Blog
Weekly Digest
Claude Code Docs
Plugin Guide
Plugin Reference
Plugin Marketplaces

Community

Browse on GitHub
Get Support

Legal

Terms of Service
Privacy Policy

Browse · Plugins · Top Plugins · Marketplaces · Components · Technologies · Skills · Agents · Commands · Hooks · MCP Servers · LSP Servers · Output Styles · Themes · Monitors

Categories · Productivity · Development · Testing · Deployment · Security · Documentation · Data · Utilities

© 2025 ClaudePluginHub

Community Maintained · Not affiliated with Anthropic

ClaudePluginHub

ClaudePluginHub

Tools Learn Pricing

Search everything...

fhir-api-client-security | cpa

Home
Skills
cpa
fhir-api-client-security

Skill

fhir-api-client-security

From cpa

Security review for plugins acting as FHIR API clients - token management, scope validation, and patient-scoped authorization

Popularity

Parent stars

2

Invocation

How this skill is triggered — by the user, by Claude, or both

Slash command

/cpa:fhir-api-client-security

User invocable

Model invocable

Inline context

Default effort

Context Preview

The summary Claude sees in its skill listing — used to decide when to auto-load this skill

This skill provides security review guidelines for Canvas plugins that act as FHIR API clients. Use it to audit token management, scope usage, and patient-scoped authorization when your plugin calls Canvas FHIR APIs or external FHIR endpoints.

Supporting Files

fhir_client_context.txt

SKILL.md

34 lines · ~339 tokens

Stats

LanguagePython

Parent stars2

MaintenanceExcellent

Last CommitApr 6, 2026

Actions

View Source View Plugin View on GitHub View README

Stats

LanguagePython

Parent stars2

MaintenanceExcellent

Last CommitApr 6, 2026

Actions

View Source View Plugin View on GitHub View README

FHIR API Client Security Skill

This skill provides security review guidelines for Canvas plugins that act as FHIR API clients. Use it to audit token management, scope usage, and patient-scoped authorization when your plugin calls Canvas FHIR APIs or external FHIR endpoints.

When to Use This Skill

Use this skill when:

Plugin uses Http() to call FHIR APIs
Plugin uses Canvas SDK data models (Patient.objects, etc.)
Plugin implements SMART on FHIR integration
Plugin has patient-facing features that access FHIR data
Reviewing OAuth token scope declarations

Key Security Concerns

Token Scope - Request minimum necessary scopes (least privilege)
Patient-Scoped Tokens - Patient-facing apps MUST scope tokens to the specific patient
Token Storage - Tokens in secrets, never hardcoded
Token Leakage - Never log tokens or include in error messages

Security Checklist

Reference the fhir_client_context.txt file for detailed patterns including:

OAuth authentication methods
FHIR scope format and common scopes
Patient-scoped token requirements
Token storage best practices
Common vulnerabilities and detection

$

npx claudepluginhub canvas-medical/coding-agents --plugin cpa

Similar Skills

fhir-developer-skill

304

Guides building FHIR R4 REST endpoints for Patient, Observation, Encounter, Condition, MedicationRequest including resource validation, HTTP status codes, value sets, coding systems (LOINC, SNOMED, RxNorm, ICD-10), and OperationOutcome error handling.

5 files

View fhir-developer-skill

domain-healthcare:hl7-fhir

13

Guides HL7 FHIR R4 interoperability: resources CRUD/search, HAPI/Microsoft servers, SMART on FHIR auth, CDS Hooks, bulk export, US Core profiles.

3 files4 tools

domain-healthcare

View domain-healthcare:hl7-fhir

fhir-r6-guardrails

20

FHIR agent guardrails for clinical data access via MCP. Provides 12+ tools for reading/writing resources with automatic PHI redaction, audit trails, and step-up authorization.

healthclaw-guardrails

View fhir-r6-guardrails