Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

med-record-gen

v1.0.0

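Generates an outpatient initial-visit medical record from Chinese doctor–patient dialogue text, outputting the record body as structured, sectioned text.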

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The stated purpose (generate structured outpatient initial records from Chinese doctor–patient dialogue) matches the provided script's behavior: the script reads a dialogue file and requests a record from a backend service. Calling a remote service to generate records is plausible for this purpose.
! Instruction Scope
SKILL.md repeatedly promises local de-identification ('严格脱敏', strict de-identification), minimal-data principles, and no local persistence ('不做本地持久化'). The runtime script, however, reads the full dialogue file and posts it directly to an external endpoint (RECORD_API_URL) with no de-identification or sanitization step implemented. The script also writes the generated record to disk (default ../runs/...), contradicting the 'no local persistence' claim. This is a significant mismatch between instructions and actual behavior.
Install Mechanism
No install spec is provided and the skill is instruction + a small Python script. No third-party packages or arbitrary downloads are installed by the skill itself, so installation risk is low.
! Credentials
The skill requests no environment variables or credentials, yet it transmits (potentially sensitive) dialogue text to an external host (https://shangbao.yunzhisheng.cn/...). There is no authentication or explicit opt-in shown in the code, and the promised de-identification step is missing. Transmitting PHI/PII without the claimed protections is disproportionate to the declared transparency in SKILL.md.
! Persistence & Privilege
SKILL.md asserts 'no local persistence' for inputs/intermediate data, but the script reads input from disk and writes the output record to a file (creates directories if needed). The skill does not request elevated agent privileges nor set always:true, but the mismatch about persistence is material to privacy.
What to consider before installing
This skill contains a clear mismatch between its privacy promises and the code: SKILL.md says it will de-identify inputs and not persist data, but scripts/gen_initial_record.py posts the full dialogue to an external URL and writes the generated record to disk. Before installing or using this skill, consider:

1) Do not send real patient data to this skill until you verify the backend and that de-identification is actually performed.
2) Inspect and verify the remote endpoint (shangbao.yunzhisheng.cn): who operates it, privacy policy, retention, encryption, and whether it is trusted for protected health information (PHI).
3) If you need local guarantees, ask the author to implement and document an explicit de-identification step in the script (with tests), or modify the code to perform on-device de-id before any network call.
4) If storing output on disk is unacceptable, change the script to avoid writing files or make output optional.
5) Run the code in an isolated environment and test with synthetic/scrubbed dialogues first.

If the author cannot justify the endpoint and the missing de-identification, treat this skill as unsafe for real patient data.

Like a lobster shell, security has layers — review code before you run it.


Runtime requirements

📝 Clawdis
