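Medical Device Issue Report Generator
v1.0.0
Issue report generator for medical device software. Automatically generates a standards-compliant issue report from the defect description the user provides (including problem symptoms, reproduction steps, environment information, severity level, impact analysis, and so on), ready to submit to development and test teams. Trigger words: 生成问题报告 (generate issue report), 问题报告 (issue report), 缺陷报告 (defect report), bug 报告 (bug report), issue report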
by @gnllk
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the included files and behavior: a small Python script plus templates that produce Markdown issue reports and severity judgments. No unrelated credentials, binaries, or system-level access are requested.
Instruction Scope
SKILL.md only instructs running the included script with the user's description and guiding the user to fill missing fields; it does not request reading system files or contacting external services. Note: the pre-scan detected unicode-control-chars in SKILL.md (possible prompt-injection attempt) and the example shows invoking a shell command with user text — ensure the runtime properly escapes user input to avoid command injection when the agent executes shell commands.
Install Mechanism
No install spec is provided (instruction-only skill) and included code is small and local. Nothing is downloaded or extracted from external URLs.
Credentials
No environment variables, credentials, or config paths are required. The Python script reads only the provided CLI argument and formats a report; it does not access external services or secrets.
Persistence & Privilege
always:false and no special persistence or elevated privileges requested. The skill does not modify other skills or system-wide configuration.
Scan Findings in Context
[unicode-control-chars] unexpected: The SKILL.md contained unicode control characters flagged by the scanner. This can be used to hide text or try to manipulate LLM prompting. For this skill's stated purpose there is no clear need for control characters; review the SKILL.md for hidden characters and remove them or ask the author for clarification.
Assessment
This skill is internally coherent and the bundled Python script is small and readable, but take these precautions before installing or enabling it in production:
- Manually inspect SKILL.md for hidden unicode control characters (the static scanner flagged them). Remove or clarify any suspicious invisible characters.
- Review the included script (scripts/generate_issue_report.py) locally — it is self-contained and only formats user input into Markdown, which appears safe. Verify it does not call external networks or read sensitive files (it does not in the provided version).
- If the platform will execute the example shell command, ensure the agent runtime escapes user-provided text (to avoid shell command injection) or prefer invoking the Python script with safe argument passing rather than via an interpolated shell line.
- Avoid pasting real patient-identifiable data into the skill unless you have confirmed your environment and policies cover protected health information (PHI). Prefer redacted examples for testing.
- Because of the prompt-injection flag, consider testing the skill in an isolated environment first and request the author to explain/remove the control characters.
If you want, I can show the exact lines in SKILL.md that contain control characters and suggest sanitized replacements.
