MedCrypt: End-to-End Encryption for Medical Messaging

What to consider before installing/using this skill: - Functional expectations: The package supplies local encryption primitives and a wire format, but it does NOT include Telegram/WhatsApp integration, QR-code generation/parsing, or automated transport. If you expect an out-of-the-box messaging integration, this is not it. - Incomplete / buggy implementation: The provided medcrypt.py excerpt contains issues you should resolve before trusting it in production (for example, use of datetime.UTC, which is not a standard attribute in Python's datetime module, and the file appears truncated around the share-recovery function). Test the script in an isolated environment first. - Provenance and compliance claims: The source and homepage are unknown. Legal claims like 'HIPAA/GDPR compliant' cannot be verified from the code alone—compliance depends on deployment, operational controls, and organizational practices. Do not rely on this claim without legal/security review. - Cryptography review: While primitives appear sensible (AES-GCM, PBKDF2, CSPRNG), cryptographic correctness and side-channel/security details matter (deterministic salt derivation from the secret, iteration count impact, correct zeroization semantics, correctness of the Shamir implementation). If you plan to use this for real patient data, have a qualified crypto/security engineer review the full code or prefer well-vetted libraries/protocols. - No network exfiltration detected in the provided excerpt, but verify the rest of the file: ensure no hidden endpoints, logging to disk, or secret exfiltration is present before running with real data. - Operational recommendations: run the script in an isolated environment, perform a code review (complete file), add explicit tests for key exchange and recovery, and do not use for protected health information in production until reviewed and integrated with a secure transport layer and audited operational procedures.