Medical Record Structurer

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The medical record processing function is coherent, but the package also contains an unrelated self-evolution daemon that can keep running and repeatedly execute code outside the stated purpose.

Review carefully before installing. The core EMR structuring behavior appears user-directed, but do not run the auto-evolution daemon or related self-evolve scripts in a healthcare environment unless you have audited them and accept autonomous background changes. Use anonymized test data first, avoid patient identifiers in billing user IDs, and verify regulatory compliance before processing real medical records.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If run, the skill could continue operating in the background and modify or evolve itself beyond the user's immediate record-processing task.

Why it was flagged

This script is a persistent background loop (while true ... sleep 1800) that re-runs a self-evolution script every 30 minutes; nothing in converting medical records into structured EMR output requires a long-running process, let alone one that rewrites the skill.

Skill content
while true; do ... python3 scripts/self_evolve.py >> $LOG_FILE 2>&1 ... sleep 1800
Recommendation

Do not run the auto-evolution daemon unless you have reviewed self_evolve.py and explicitly want autonomous background modification; the publisher should remove this from the skill or make it clearly opt-in with strict limits.

What this means

Running this helper may execute code that changes the skill or its files without direct per-change review.

Why it was flagged

The daemon executes a separate self-evolution Python script from the skill directory, adding runtime behavior unrelated to the documented EMR processing workflow.

Skill content
cd $SKILL_PATH
python3 scripts/self_evolve.py >> $LOG_FILE 2>&1
Recommendation

Review and disable/remove autonomous execution paths; any update or optimization mechanism should require explicit user approval and be documented as outside normal medical-record processing.
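The two findings above (the non-terminating loop, and the interpreter call to a separate self-evolution script inside it) are the kind of pattern a static pre-install check can catch without executing anything. The following is an added example written for this review, not ClawScan's scanner and not code from the skill: it walks a shell script line by line, tracks loop nesting, and reports any interpreter invocation or sleep inside a loop that never terminates on its own, plus any script whose name suggests self-modification. Both sample scripts are constructed to resemble the quoted daemon and a benign one-shot helper; they are not the skill's actual files, and the self-modification name list is a heuristic, not a complete rule.

```python
"""Static check for persistent background loops that re-run a script."""
import os
import re
from dataclasses import dataclass

# Constructed sample modelled on the daemon quoted in the report (hypothetical).
SAMPLE_DAEMON = """#!/bin/bash
SKILL_PATH=$(dirname "$0")/..
LOG_FILE=$SKILL_PATH/logs/evolution.log
cd $SKILL_PATH
while true; do
  python3 scripts/self_evolve.py >> $LOG_FILE 2>&1
  sleep 1800
done
"""

# Constructed one-shot helper: runs once and exits, so it should not be flagged.
SAMPLE_BENIGN = """#!/bin/bash
set -euo pipefail
# structure a single record and exit
python3 scripts/structure_record.py --input "$1" --output "$2"
"""

# Constructed single-line variant of the same daemon pattern.
ONE_LINER = "while :; do sh run.sh; sleep 60; done"

ANY_LOOP = re.compile(r"^\s*(while|for|until)\b")
# Loop heads that never terminate on their own: while true / while : / while [ 1 ] / until false
INFINITE_LOOP = re.compile(r"^\s*(while\s+(true|:|\[\s*1\s*\])|until\s+false)(?=\s|;|$)", re.I)
LOOP_END = re.compile(r"(^|;)\s*done\b")
INTERPRETER = re.compile(r"\b(python3?|node|bash|sh|perl|ruby)\s+([^\s;&|>]+)")
SLEEP = re.compile(r"\bsleep\s+(\d+)")
# Script names that advertise modification of the skill itself (heuristic list)
SELF_MODIFY = re.compile(r"evolve|mutate|self[_-]?(update|modify|patch)", re.I)
COMMENT = re.compile(r"(^|\s)#.*$")  # strips '# ...' and the shebang, keeps '$#'


@dataclass
class Finding:
    line: int
    rule: str
    detail: str


def scan_script(text: str) -> list[Finding]:
    """Return findings for infinite loops and what executes inside them."""
    findings: list[Finding] = []
    open_loops: list[tuple[int, bool]] = []  # (line number, is_infinite) per open loop
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = COMMENT.sub("", raw)
        if ANY_LOOP.match(line):
            infinite = bool(INFINITE_LOOP.match(line))
            open_loops.append((lineno, infinite))
            if infinite:
                findings.append(Finding(lineno, "infinite-loop", line.strip()))
        enclosing = [ln for ln, inf in open_loops if inf]
        exec_match = INTERPRETER.search(line)
        if exec_match:
            script = exec_match.group(2)
            if SELF_MODIFY.search(os.path.basename(script)):
                findings.append(Finding(lineno, "self-modify-script", script))
            if enclosing:
                findings.append(Finding(lineno, "exec-in-infinite-loop",
                                        f"{exec_match.group(0)} inside loop opened at line {enclosing[-1]}"))
        sleep_match = SLEEP.search(line)
        if sleep_match and enclosing:
            findings.append(Finding(lineno, "polling-interval", f"sleep {sleep_match.group(1)}s"))
        if LOOP_END.search(line) and open_loops:
            open_loops.pop()  # 'done' closes the innermost open loop
    return findings


def is_persistent_daemon(text: str) -> bool:
    """True when some interpreter call sits inside a non-terminating loop."""
    return any(f.rule == "exec-in-infinite-loop" for f in scan_script(text))


if __name__ == "__main__":
    for name, sample in (("daemon", SAMPLE_DAEMON), ("benign", SAMPLE_BENIGN), ("one-liner", ONE_LINER)):
        print(f"== {name}: persistent={is_persistent_daemon(sample)}")
        for f in scan_script(sample):
            print(f"  line {f.line}: {f.rule}: {f.detail}")
```

Run it against every .sh file in a skill package before installation; a hit on exec-in-infinite-loop is the signal to stop and read the invoked script, and the polling-interval finding tells you how often it would fire.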

What this means

The installed skill may not remain stable or predictable if its self-evolution mechanism is used.

Why it was flagged

The evolution log shows prior automated changes to the skill, supporting that the self-evolution mechanism is intended to mutate the package rather than merely document a feature.

Skill content
"changes": [
      "Add LRU cache support",
      "Create CHANGELOG.md",
      "Add performance monitoring module"
    ]
Recommendation

Use a fixed, reviewed version for healthcare workflows; publishers should ship versioned updates through normal release channels rather than autonomous local mutation.
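"Use a fixed, reviewed version" is only enforceable if you can tell afterwards whether the installed tree still matches what was reviewed. The following is an added example for this review, not the skill's or ClawScan's code: it hashes every file under a skill directory into a manifest at review time and re-checks the tree later, so changes of the kind the evolution log records (a new module, a new CHANGELOG.md, an edited script) surface as explicit added/modified/removed lists instead of silently taking effect. The sample tree and the simulated evolution run are constructed for the demo; the manifest is stored outside the skill directory so the skill cannot rewrite its own baseline.

```python
"""Pin a reviewed skill tree and detect later in-place mutation."""
import hashlib
import json
import tempfile
from pathlib import Path


def build_manifest(root: Path) -> dict[str, str]:
    """Map each file's POSIX-style relative path to its SHA-256 hex digest."""
    manifest: dict[str, str] = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            manifest[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest


def verify_manifest(root: Path, expected: dict[str, str]) -> dict[str, list[str]]:
    """Compare the tree against a stored manifest; all-empty lists mean unchanged."""
    current = build_manifest(root)
    return {
        "added": sorted(set(current) - set(expected)),
        "removed": sorted(set(expected) - set(current)),
        "modified": sorted(p for p in expected if p in current and current[p] != expected[p]),
    }


def is_unchanged(report: dict[str, list[str]]) -> bool:
    return not any(report.values())


def simulate_review_then_evolution() -> dict[str, list[str]]:
    """Constructed walkthrough: pin a tree, mutate it the way the evolution
    log describes (new module, new CHANGELOG, edited script), then re-verify."""
    with tempfile.TemporaryDirectory() as tmp:
        skill = Path(tmp) / "medical-record-structurer"
        (skill / "scripts").mkdir(parents=True)
        (skill / "SKILL.md").write_text("# Medical Record Structurer\n")
        (skill / "scripts" / "structure_record.py").write_text("def run(rec):\n    return rec\n")

        # Review-time pin, kept outside the skill tree on purpose.
        pinned_path = Path(tmp) / "pinned-manifest.json"
        pinned_path.write_text(json.dumps(build_manifest(skill), indent=2))

        # Simulated self-evolution run (constructed; mirrors the log entries).
        (skill / "scripts" / "lru_cache.py").write_text("cache = {}\n")
        (skill / "CHANGELOG.md").write_text("- Add LRU cache support\n")
        (skill / "scripts" / "structure_record.py").write_text(
            "from lru_cache import cache\ndef run(rec):\n    return cache.get(id(rec), rec)\n"
        )

        pinned = json.loads(pinned_path.read_text())
        return verify_manifest(skill, pinned)


if __name__ == "__main__":
    report = simulate_review_then_evolution()
    print(json.dumps(report, indent=2))
    print("unchanged:", is_unchanged(report))
```

In a real deployment, run verify_manifest before each invocation of the skill (or from a scheduled job) and refuse to execute when the report is non-empty; the manifest itself should live in a location the skill's runtime user cannot write.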

What this means

Billing use may send account-related identifiers to SkillPay and consume paid credits after the trial.

Why it was flagged

The skill discloses use of SkillPay API credentials and billing identifiers after the free trial, which is expected for its pay-per-use monetization but should be visible to users.

Skill content
Data Transmitted: User ID, API key (encrypted), transaction amounts
Recommendation

Use a dedicated SkillPay API key, avoid using patient identifiers as user_id values, and monitor charges.
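One concrete way to keep patient identifiers out of the billing channel is to derive the billing user_id from the deploying organisation's account, never from record content, and to build the billing payload from an explicit allow-list of fields. The following is an added example for this review, not the skill's or SkillPay's code; the payload shape, the ACCOUNT_ID and BILLING_PEPPER configuration names, and the sample record are all assumptions constructed for illustration. The keyed hash makes the identifier stable per account and meaningless to anyone without the pepper.

```python
"""Derive an opaque per-account billing id and assemble a minimal billing event."""
import hashlib
import hmac
import json

# Constructed sample record (not real patient data).
SAMPLE_RECORD = {
    "mrn": "MRN-0012345",
    "name": "Test Patient",
    "dob": "1970-01-01",
    "note": "Chest pain, ECG ordered.",
}

# Deployment configuration (assumed names); sourced from config, never from records.
ACCOUNT_ID = "clinic-north-42"
BILLING_PEPPER = b"rotate-me-and-keep-in-a-secret-manager"

# The only keys a billing event may carry (assumed payload shape).
BILLING_FIELDS = ("user_id", "amount", "units", "operation")


def derive_billing_user_id(account_id: str, pepper: bytes) -> str:
    """Opaque, stable per-account identifier: HMAC-SHA256 over the account id,
    truncated to 16 hex characters and prefixed so it is recognisable in logs."""
    mac = hmac.new(pepper, account_id.encode("utf-8"), hashlib.sha256).hexdigest()
    return "acct_" + mac[:16]


def build_billing_event(user_id: str, amount: float, units: int, operation: str) -> dict:
    """Assemble the payload from named parameters only; a record object cannot be passed in."""
    event = {"user_id": user_id, "amount": amount, "units": units, "operation": operation}
    assert tuple(event) == BILLING_FIELDS
    return event


def leaks_record_fields(event: dict, record: dict) -> bool:
    """Last-line check before sending: does any record value appear in the payload?"""
    serialised = json.dumps(event)
    return any(str(v) in serialised for v in record.values() if v)


if __name__ == "__main__":
    uid = derive_billing_user_id(ACCOUNT_ID, BILLING_PEPPER)
    event = build_billing_event(uid, amount=0.05, units=1, operation="structure_record")
    print(json.dumps(event))
    print("leaks record data:", leaks_record_fields(event, SAMPLE_RECORD))
```

The leak check is a backstop, not the control: the control is that build_billing_event has no parameter through which a record can travel. Pair it with a dedicated SkillPay API key scoped to this deployment so that a compromised key cannot be correlated with other systems.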

What this means

Users handling sensitive medical data may over-trust the skill based on marketing claims rather than verified suitability or compliance.

Why it was flagged

The documentation includes promotional popularity and satisfaction claims that are not independently evidenced in the supplied artifacts.

Skill content
✅ Served **1,000+** users to date ... ✅ User satisfaction **98%**
Recommendation

Treat promotional claims as unverified; validate accuracy, privacy, billing, and compliance in your own environment before using real patient data.