chronic-disease-review
Security checks across malware telemetry and agentic risk
Overview
This medical-review skill is purpose-aligned, but it appears to send full medical OCR text to a remote service while promising de-identification that the code does not implement.
Before installing or using this skill with real medical records, confirm that you are allowed to send OCR text to the configured remote service, verify the endpoint, and redact patient identifiers yourself unless the publisher provides reviewed code that performs de-identification. Also treat the generated files under ../runs as sensitive medical data.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Users may rely on a privacy promise that is not enforced by the code and may submit patient medical OCR text containing names, IDs, phone numbers, addresses, or clinical details.
The skill tells users that identifiable information will be de-identified before any API/model call, but the included script sends the OCR array as request data without any visible redaction or de-identification logic.
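**Strict de-identification**: Before anything is sent to any model/API, personally identifiable information is masked/de-identified...only the de-identified, necessary information is passed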
Implement and test de-identification before the API request, or revise the documentation to clearly state that raw OCR text is sent. Users should not use real patient data unless they are authorized to send it to the configured service.
Sensitive medical OCR content may leave the user's environment and be processed by a remote service whose handling and retention are not fully described in the artifacts.
The code posts the full OCR data payload to a remote backend endpoint. This is sensitive medical-data transfer, and it is not paired with visible de-identification, consent handling, retention limits, or a clear match to the documented default endpoint in SKILL.md.
DEFAULT_BASE = "https://shangbao.yunzhisheng.cn/skills/chronic-disease" ... req_body = {"review_type": (args.review_type or "慢病审核"), "ocr_data": ocr_data}
Verify the service operator and endpoint, configure --base only to an approved backend, redact patient identifiers locally first, and document data handling, retention, and compliance obligations.
Review output files may remain on disk after the task and could expose patient-related information if the machine or folder is shared.
The script saves the raw response JSON and natural-language summary to disk. This is consistent with the stated output behavior, but the saved review results may contain sensitive medical information.
out_json.write_text(json.dumps(resp, ensure_ascii=False, indent=2), encoding="utf-8") ... out_text.write_text(text, encoding="utf-8")
Store outputs only in an approved location, restrict access to the ../runs directory, and delete or encrypt result files when no longer needed.
