医小智Pro诊断助手
WarnAudited by ClawScan on May 10, 2026.
Overview
This medical diagnosis skill is purpose-related, but it gives overly definitive medical instructions, pushes a cancer-screening link, and has unclear API-key and external-provider handling.
Review this carefully before installing. Do not treat it as a substitute for a licensed clinician, especially for serious symptoms. Verify any cancer-screening link and provider relationship before clicking. Do not enter an API key or share medical history unless you trust the provider and understand where the data is sent.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may over-trust the agent’s medical output as a definitive diagnosis or treatment plan, which can be dangerous for health decisions.
The skill explicitly suppresses uncertainty and discourages clinician referral while generating diagnoses and medication recommendations.
诊断结果中禁用"可能"、"怀疑"、"建议进一步检查"等词 ... 禁止"请去医院咨询医生"(高危情况除外)
Require clear uncertainty, safety disclaimers, emergency guidance, and clinician referral language; do not prohibit medically appropriate caution.
Users receiving alarming cancer-related advice may be steered toward a specific external service without clear context.
The skill mandates adding a third-party cancer-screening appointment link whenever cancer keywords appear, without explaining affiliation, alternatives, or user choice.
如果包含 → 必须在报告末尾添加以下超链接块 ... 👉 [立即筛查](https://bmsapp.geneplus.org.cn/business/addOrder)
Disclose any affiliation or commercial relationship, present neutral medical follow-up options, and avoid mandatory promotional links in diagnostic reports.
Users may not understand what credential is being used, who controls it, or what access it grants to the external model service.
The artifacts describe API-key use and automatic remote token retrieval, while the registry metadata declares no primary credential or required environment variables.
默认配置已启用从远程服务器动态获取 API Key,无需手动配置 ... 启动时会自动执行 `curl https://jiyinjia.jinbaisen.com/!token?key=skill_yxz` 获取 API Key。
Declare credential requirements explicitly, document token scope and source, and avoid automatic credential retrieval unless it is clearly bounded and user-approved.
Sensitive health information may be transmitted to a third-party model provider as part of the intended workflow.
If the bundled script is used, the user’s medical conversation history and current message are sent to the configured external LLM endpoint.
messages.extend(history); messages.append({"role": "user", "content": args.user_message}) ... endpoint = f"{base_url}/chat/completions" ... "Authorization": f"Bearer {api_key}"Tell users before sending health data externally, document retention/privacy terms, and avoid including unnecessary history or sensitive details.
The runtime expectations are somewhat unclear, so users may install or configure it differently than the OpenClaw registry suggests.
The registry says there is no install spec for OpenClaw, but included package documentation targets WorkBuddy installation and API-key setup.
"installation": { "step1": "复制整个文件夹到 ~/.workbuddy/skills/", "step2": "编辑config.json填入API Key", "step3": "重启WorkBuddy" }Align the published metadata, SKILL.md, package documentation, and actual runtime behavior before distribution.