chronic-disease-review
Warn: Audited by ClawScan on May 10, 2026.
Overview
The skill performs the advertised medical review, but it may send unredacted medical OCR text to an external service despite promising de-identification.
Review carefully before installing or using. Do not submit real patient OCR data unless you have approval to send it to the shown backend service, or pre-redact names, IDs, phone numbers, addresses, and other identifiers yourself. Also check the generated ../runs output files because they may persist sensitive review results.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Medical document text may leave the local environment in identifiable form, exposing sensitive health or identity information to the backend service.
The script posts the full validated OCR array to a remote default service. The code validates structure but does not show any removal of names, ID numbers, phone numbers, addresses, or other PII before transmission.
DEFAULT_BASE = "https://shangbao.yunzhisheng.cn/skills/chronic-disease"
...
req_body: Dict[str, Any] = {"review_type": (args.review_type or "慢病审核"), "ocr_data": ocr_data}
...
resp = call_review_by_ocr(args.base, req_body, timeout=args.timeout)
Only use this with OCR data you are allowed to send to that service. Implement and verify client-side redaction before the POST, document the exact endpoint and data fields sent, and require explicit user consent for sensitive records.
Users may trust the skill to protect personal medical information or use an expected backend, when the reviewed code does not support those assurances.
The documentation promises de-identification before any API/model call and lists a default backend that differs from the code's default of `https://shangbao.yunzhisheng.cn/skills/chronic-disease`, making both the privacy claim and the stated destination unreliable.
“Strict de-identification: before sending to any model/API, personally identifiable information is masked/de-identified” ... “--base URL: backend base (default: `http://10.10.20.15:9011`)”
Update the documentation to match the code, or change the code to perform the promised redaction and use the documented endpoint. Remove unsupported privacy claims until they are implemented.
