ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

216medsearch

v1.0.0

通过内部 API 模糊查询药品名称并返回其通用名,支持准确或模糊匹配。

0· 79·1 current·1 all-time
by@dddwinter

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for dddwinter/216medsearch.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "216medsearch" (dddwinter/216medsearch) from ClawHub.
Skill page: https://clawhub.ai/dddwinter/216medsearch
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install 216medsearch

ClawHub CLI

Package manager switcher

npx clawhub@latest install 216medsearch
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description align with implementation: the script issues a POST to http://10.1.23.216:8280/rest/schema/med/query to perform fuzzy name lookup and return JSON. No unrelated services, binaries, or config paths are requested.
Instruction Scope
SKILL.md and tool.sh confine actions to the stated API call and JSON formatting. The instructions do not read other system files or environment variables. However, SKILL.md explicitly states the API token is built into the tool and the script uses that token on every request — this is an important scope/privilege detail to be aware of.
Install Mechanism
There is no install spec (instruction-only plus a small shell script). No packages are downloaded or extracted; risk from installation mechanism is low.
!
Credentials
The skill requires no environment variables but contains a hard-coded API token (a JWT-like string) embedded in tool.sh. Shipping credentials inside the skill is disproportionate: if the skill bundle is shared, backed up, or stored in a repo, that token can be leaked and abused. Also the endpoint is an internal IP (10.1.23.216) so the skill will only work when the agent has access to that network — running this outside the intended network could expose the token to unintended contexts.
Persistence & Privilege
always:false and no declarations of modifying other skills or system-wide config. The skill does not request persistent or elevated platform privileges.
What to consider before installing
This skill appears functionally correct for querying an internal drug-info API, but it embeds a hard-coded API token in tool.sh. That token is sensitive: if the skill bundle is shared, uploaded, or run in an environment you don't fully control, the token could be exposed or abused. Before installing: (1) ask the provider to remove the token and instead require you to supply a token via an environment variable or a secure secret store; (2) if removing the token isn't possible, treat the token as compromised and rotate it on the API side; (3) only run the skill on hosts that have network access to 10.1.23.216 and are trusted; (4) verify the token's scope/expiry with your API admin and ensure least privilege; (5) consider auditing access logs for the internal API after first use. If you cannot confirm safe handling of the embedded token, avoid installing or sharing this skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk97256pzvn1r51rx32e3h3385n848tnk
79downloads
0stars
1versions
Updated 3w ago
v1.0.0
MIT-0
@dddwinter
latest
Download

216medsearch 技能

描述

通过内部 API 查询药品通用名。当用户询问某个药品的通用名时,使用此技能。

功能

  • 接受药品名称作为参数
  • 通过 http://10.1.23.216:8280/rest/schema/med/query API 进行模糊查询
  • 返回 JSON 格式的结果,判断是否能查到药品的通用名
  • 支持模糊查询(使用 name## 条件)

使用方法

# 查询药品通用名
openclaw exec 216medsearch 环吡酮搽剂

API 参数

  • condition: name##'药品名称' - 通过药品名称进行模糊查询
  • propNames: name - 查询 name 字段

返回格式

返回 JSON 格式数据,包含:

  • 查询是否成功
  • 药品信息(包括通用名)
  • 错误信息(如果查询失败)

注意事项

  • 药品名称应该准确,但支持模糊查询
  • 如果药品名称有误或不存在,API 会返回空结果
  • API token 已内置在工具中,无需额外提供

示例

# 查询环吡酮搽剂的通用名
216medsearch 环吡酮搽剂

# 返回示例:
{
  "success": true,
  "data": [
    {
      "name": "环吡酮搽剂",
      "genericName": "环吡酮胺",
      ...
    }
  ]
}

Comments

Loading comments...