Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
ecg-diagnosis
v1.0.02026 视觉语义化心电助手(增强校验版)。强制执行本地脚本,内置文件名格式审计与拟人进度播报。
⭐ 0· 55·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (visual ECG assistant that enforces a filename audit and runs a local script) aligns with the included script which automates a web UI to upload images and extract diagnosis. However the description and SKILL.md do not explicitly disclose that images will be uploaded to an external web service (https://www.xin-gou.com/chat/) nor that a persistent browser profile will be created in the user's folder. The use of a stealth library to evade automation detection is disproportionate for a typical benign helper and is not explained.
Instruction Scope
SKILL.md instructs the agent to enforce filename format and then call the local script. The script proceeds to open a remote web page and upload user images, extract chat content, and save results. The runtime instructions do not explicitly warn about network upload of images (potentially containing personal health information) to a third-party domain. The SKILL.md requires strict filename auditing but that auditing is weaker in the script and the script will run regardless if invoked directly.
Install Mechanism
No install spec is provided (instruction-only), but the bundled Python script depends on non-trivial packages (playwright, playwright_stealth, pandas). Running the script will therefore require installing heavy runtime dependencies not documented in the skill. Lack of install instructions increases risk and friction; the script also launches a real browser via Playwright which may prompt additional system installs.
Credentials
The skill requests no environment variables or credentials, which is proportional. However, it does access local filesystem paths (the user-provided folder) and will create .web_profile and an Excel results file there. It will also transmit image files to an external service — sensitive data handling is the main proportionality concern despite lack of credential requests.
Persistence & Privilege
The skill is not always-on and is user-invocable. The script writes a persistent Playwright profile directory (.web_profile) into the target folder and writes/updates an Excel file in that folder. This is expected for a local automation tool but should be disclosed and considered by users. There is no evidence the skill modifies other skills or global agent configuration.
What to consider before installing
This skill will run a bundled Python script that opens a browser, uploads your image files to https://www.xin-gou.com/chat/, and saves diagnosis results into an Excel file in the same folder; it also creates a .web_profile browser profile. Before installing or running: (1) Confirm you trust the remote site (xin-gou.com) and its privacy/medical-data policies — this will send the actual ECG image files off your machine. (2) If images contain personal health information, do not run on real patient data unless you have explicit consent and the service meets legal/regulatory requirements. (3) Consider running in an isolated VM or sandbox, and inspect or run the script on test/dummy images first. (4) Be aware the script uses 'playwright_stealth' (attempts to evade automation detection) — ask why evasion is necessary. (5) Ensure required Python dependencies (playwright, playwright_stealth, pandas) are installed from trusted sources and that Playwright's browser runtime is installed. (6) Ask the author for: a) explicit disclosure that images are uploaded to the third-party site, b) dependency/install instructions, and c) confirmation why stealth/evasion is used and whether a headless/safe mode exists.Like a lobster shell, security has layers — review code before you run it.
latestvk9723z36w9j1f99hhjt0m71wws84kftv
License
MIT-0
Free to use, modify, and redistribute. No attribution required.