China Top Doctor Referral
Security checks across malware telemetry and agentic risk
Overview
The skill is mostly aligned with doctor referral, but its P2P doctor search accepts unverified responses and it stores OceanBus credentials locally, so users should review it before use.
Install only if you are comfortable using the OceanBus npm dependency, storing an OceanBus credential under ~/.oceanbus-referral, and sending referral/support details through OceanBus. Before using it for real appointments, the publisher should add sender verification for DoctorDataSvc responses and clearly disclose what customer profile or conversation data is shared during human handoff.
VirusTotal
60/60 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A wrong or spoofed OceanBus message could be treated as the official doctor-search result and shown to the user.
The listener accepts any incoming JSON message whose parsed body has a `results` or `error` field, and it does not verify the sender OpenID, a signature, or a request ID before displaying doctor recommendations.
ob.startListening(async (msg) => { ... const result = JSON.parse(msg.content); ... if (result.results !== undefined || result.error) { resolved = true; formatOutput(result, opts); ... } });
Only accept responses from the expected service identity, add a request/response nonce or thread ID, and validate response signatures/schema before presenting doctors.
If the user agrees to a human-service handoff, private medical context may be shared with another agent or desk system.
The documented handoff to ocean-desk can include personal profile data, an AI summary, and conversation logs, which may contain sensitive health or appointment information.
payload: { source_skill, customer_profile, ai_summary, conversation_log }
Ask for explicit consent before handoff, share only the minimum necessary details, and make the destination Desk OpenID and data-retention policy clear.
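As an added example (not the skill's own handoff code), the following builds the ocean-desk payload in two steps: first a plan that states exactly which profile fields and how many conversation turns would go to which Desk OpenID, which is what the user should be shown; then the payload itself, produced only against a consent record naming that same desk. The four payload keys are the ones the page documents; the profile allowlist, the consent record shape, the conversation-turn cap and the `SOURCE_SKILL` identifier are assumptions.

```javascript
// Profile fields a desk needs to handle an appointment; anything else (ID
// numbers, payment details, full history) stays local. Field names assumed.
const PROFILE_ALLOWLIST = ['display_name', 'city', 'preferred_department'];
const MAX_LOG_TURNS = 6;
const SOURCE_SKILL = 'china-top-doctor-referral';   // assumed identifier

function pickAllowed(profile) {
  const out = {};
  for (const key of PROFILE_ALLOWLIST) {
    if (profile && profile[key] !== undefined) out[key] = profile[key];
  }
  return out;
}

// Bound the log to the latest turns and keep only role and text; raw turn
// objects may carry timestamps, device IDs or tool-call payloads.
function trimLog(log) {
  return (log || []).slice(-MAX_LOG_TURNS).map((t) => ({ role: t.role, text: t.text }));
}

// Step 1: compute what would be shared. Show `disclosure` and the Desk OpenID
// to the user before asking them to agree.
function planHandoff(deskOpenId, profile, conversationLog) {
  const customer_profile = pickAllowed(profile);
  const conversation_log = trimLog(conversationLog);
  const fields = Object.keys(customer_profile).join(', ') || 'no profile fields';
  return {
    desk_openid: deskOpenId,
    disclosure: `Share ${fields} and the last ${conversation_log.length} conversation turns with desk ${deskOpenId}`,
    customer_profile,
    conversation_log,
  };
}

// Step 2: produce the payload only with an explicit consent record for this
// exact desk (assumed shape: { granted, desk_openid, at }).
function buildHandoffPayload(plan, consent, aiSummary) {
  if (!consent || consent.granted !== true) return { ok: false, reason: 'no explicit consent' };
  if (consent.desk_openid !== plan.desk_openid) return { ok: false, reason: 'consent names a different desk' };
  return {
    ok: true,
    payload: {
      source_skill: SOURCE_SKILL,
      customer_profile: plan.customer_profile,
      ai_summary: aiSummary,
      conversation_log: plan.conversation_log,
    },
  };
}

// Demo on constructed sample data: a profile with extra sensitive fields and a
// ten-turn log, handed off once without consent and once with it.
function demo() {
  const profile = { display_name: 'Ms. Wang', city: 'Shanghai', preferred_department: 'cardiology',
                    phone: '000-0000-0000', id_number: 'EXAMPLE-ID', insurance_id: 'EXAMPLE-INS' };
  const log = Array.from({ length: 10 }, (_, i) =>
    ({ role: i % 2 ? 'assistant' : 'user', text: `turn ${i}`, device_id: 'dev-1' }));
  const plan = planHandoff('oid_desk_example', profile, log);
  const denied = buildHandoffPayload(plan, null, 'summary text');
  const granted = buildHandoffPayload(plan,
    { granted: true, desk_openid: 'oid_desk_example', at: '2024-01-01T00:00:00Z' }, 'summary text');
  return { plan, denied, granted };
}
```

The allowlist is the important part: a denylist of "sensitive" keys would miss whatever the profile gains later, whereas an allowlist means any new field has to be consciously added to the disclosure before it can leave the device.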
The skill leaves a reusable OceanBus identity credential on disk that should be protected and removed if no longer needed.
The script creates and persists an OceanBus API key and OpenID in the user's home directory, while the registry metadata declares no primary credential.
const CRED_FILE = path.join(DATA_DIR, 'credentials.json'); ... fs.writeFileSync(CRED_FILE, JSON.stringify({ agent_id: agentId, api_key: apiKey, openid }, null, 2));
Disclose this credential file in metadata and documentation, restrict file permissions where possible, and provide a cleanup/uninstall instruction.
The agent may execute the included Node scripts and remove the old reference/experts.json file if present.
The skill instructs the agent to run local commands and delete an old local data file. This is narrowly tied to preventing stale medical recommendations, but it is still command execution and file mutation.
You must first run `node scripts/search-doctors.js search ...` ... If the file `reference/experts.json` exists, delete it immediately: `rm reference/experts.json`
Keep command execution scoped to the skill directory and ask for confirmation before deleting any user-modified or non-skill file.
Installing the skill requires pulling and running an npm dependency for OceanBus communication.
The skill relies on the external OceanBus npm package, and the README/SKILL.md tell users to run npm install even though no install spec is declared in the registry metadata. A lockfile is included, so this is a disclosure/setup note rather than a standalone concern.
"dependencies": { "oceanbus": "^0.7.0" }
Use the included lockfile (npm ci rather than npm install, so the pinned versions are honoured), review dependency updates, and declare the install requirement in registry metadata.
