HYFCeph

Review

Audited by ClawScan on May 10, 2026.

Overview

HYFCeph appears purpose-aligned, but it uploads selected medical images/reports to external services and saves a reusable HYFCeph API key locally.

Before installing, confirm you are comfortable uploading the selected ceph images to HYFCeph and receiving online report links. Use a dedicated HYFCeph API key, keep the portal URL at the trusted default, avoid patient identifiers unless necessary, and clear the saved API key/results on shared devices.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A saved API key can authorize future HYFCeph runs without asking again, and the service operates through the provider's server-side session model.

Why it was flagged

The skill uses delegated server-side authority and stores the user's HYFCeph API key locally for future runs. This is disclosed and matches the workflow, but it is a real credential/privilege boundary.

Skill content

The public user only sends images; the server reuses the owner's synced browser session behind the scenes... persists the validated API key to: `~/.codex/state/hyfceph-auth.json`

Recommendation

Only use an API key you trust for this portal, avoid sharing the machine/account with untrusted users, and use the clear-saved-api-key option or rotate the API key if needed.

What this means

Ceph images, measurements, patient names, or report contents may be present in online report links or backup documents.

Why it was flagged

The workflow can create online report links and a Feishu backup document containing analysis outputs. This is disclosed and related to reporting, but it sends sensitive clinical outputs beyond the local machine.

Skill content

the portal now renders a standalone report page, uploads it to OSS, and returns a short link... `feishuDocShareUrl`: backup Feishu document link

Recommendation

Do not include patient-identifying details unless you are comfortable with the portal/report-sharing model, and manage or delete shared reports according to the provider's privacy controls.

What this means

Old measurement data and generated images may remain on the device and could be reused for later PDF/report generation.

Why it was flagged

The skill keeps local result and artifact state for later reuse. This is useful for regenerating reports, but it means clinical outputs persist after the conversation.

Skill content

The service client saves a local result JSON plus annotation files... if the user asks to generate a PDF, do not rerun the measurement unless the input images changed. Prefer the latest local result

Recommendation

Delete generated result JSON, image, PDF, and state files when they are no longer needed, especially on shared devices.

What this means

If the portal URL is changed to an untrusted endpoint, sensitive images or the saved API key could be sent there.

Why it was flagged

The client allows the portal base URL to be changed by an argument or environment variable. This is a normal integration/testing capability, but it controls where API keys, images, and report requests are sent.

Skill content

--portal-base-url <url>        HYFCeph portal URL... requestedPortalBaseUrl || process.env.HYFCEPH_PORTAL_BASE_URL || DEFAULT_PORTAL_BASE_URL

Recommendation

Use the default HYFCeph portal unless you intentionally trust a different deployment, and avoid setting HYFCEPH_PORTAL_BASE_URL from untrusted sources.

What this means

Generating PDFs may run a local Chrome/Chromium-compatible browser executable.

Why it was flagged

The PDF helper invokes a local browser binary. This is expected for local PDF rendering, but it is still local command execution and can be influenced by the HYFCEPH_CHROME_PATH environment variable.

Skill content

import { execFile } from 'node:child_process'... process.env.HYFCEPH_CHROME_PATH... await execFileAsync(command, ['--version']);

Recommendation

Only set HYFCEPH_CHROME_PATH to a trusted browser binary and avoid generating PDFs from untrusted or unexpected result files.