Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

med-record-gen

v1.0.0

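Generates an outpatient initial-visit medical record from Chinese doctor–patient dialogue text, outputting the record body as structured, sectioned text.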

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for aaiccee/med-record-gen.

Install the skill "med-record-gen" (aaiccee/med-record-gen) from ClawHub.
Skill page: https://clawhub.ai/aaiccee/med-record-gen
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

openclaw skills install med-record-gen

ClawHub CLI

npx clawhub@latest install med-record-gen

Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)

Purpose & Capability

The stated purpose (generate structured outpatient initial records from Chinese doctor–patient dialogue) matches the provided script's behavior: the script reads a dialogue file and requests a record from a backend service. Calling a remote service to generate records is plausible for this purpose.

! Instruction Scope

SKILL.md repeatedly promises local de-identification ('严格脱敏', strict de-identification), minimal-data principles, and '不做本地持久化' (no local persistence). The runtime script, however, reads the full dialogue file and posts it directly to an external endpoint (RECORD_API_URL) with no de-identification or sanitization step implemented. The script also writes the generated record to disk (default ../runs/...), contradicting the 'no local persistence' claim. This is a significant mismatch between instructions and actual behavior.

Install Mechanism

No install spec is provided and the skill is instruction + a small Python script. No third-party packages or arbitrary downloads are installed by the skill itself, so installation risk is low.

! Credentials

The skill requests no environment variables or credentials, yet it transmits (potentially sensitive) dialogue text to an external host (https://shangbao.yunzhisheng.cn/...). There is no authentication or explicit opt-in shown in the code, and the promised de-identification step is missing. Transmitting PHI/PII without the claimed protections is disproportionate to the declared transparency in SKILL.md.

! Persistence & Privilege

SKILL.md asserts 'no local persistence' for inputs/intermediate data, but the script reads input from disk and writes the output record to a file (creates directories if needed). The skill does not request elevated agent privileges nor set always:true, but the mismatch about persistence is material to privacy.

What to consider before installing

This skill contains a clear mismatch between its privacy promises and the code: SKILL.md says it will de-identify inputs and not persist data, but scripts/gen_initial_record.py posts the full dialogue to an external URL and writes the generated record to disk. Before installing or using this skill, consider:

  1) Do not send real patient data to this skill until you verify the backend and that de-identification is actually performed.
  2) Inspect and verify the remote endpoint (shangbao.yunzhisheng.cn): who operates it, privacy policy, retention, encryption, and whether it is trusted for protected health information (PHI).
  3) If you need local guarantees, ask the author to implement and document an explicit de-identification step in the script (with tests), or modify the code to perform on-device de-id before any network call.
  4) If storing output on disk is unacceptable, change the script to avoid writing files or make output optional.
  5) Run the code in an isolated environment and test with synthetic/scrubbed dialogues first.

If the author cannot justify the endpoint and the missing de-identification, treat this skill as unsafe for real patient data.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

📝 Clawdis
latestvk979zhane0v8zaeskddypdwpsd836n1h
220 downloads
0 stars
1 version
Updated 20h ago
v1.0.0
MIT-0

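Outpatient Initial-Visit Record Generation

Overview

Given a Chinese doctor–patient dialogue text (typically an ASR transcript), this skill generates an outpatient initial-visit record as text, containing the common record sections (such as chief complaint, history of present illness, past medical history, physical examination, auxiliary examinations, diagnosis, and management).

Common output sections:

  • Chief complaint (主诉)
  • History of present illness (现病史)
  • Past medical history (既往史)
  • Menstrual history (月经史), if applicable
  • Physical examination (查体)
  • Auxiliary examinations (辅助检查)
  • Diagnosis (诊断)
  • Management (处理)

Data Security, Privacy and Ethics Statement

  • Data minimization: only the dialogue content necessary for generating the record is processed; identifying information such as names, ID numbers, mobile phone numbers and detailed addresses is neither required nor encouraged.
  • Strict de-identification: before anything is sent to any model/API, personally identifiable information (such as names, ID numbers, mobile phone numbers, detailed addresses, and facial/imaging data) is masked/de-identified. Only the de-identified, necessary information is passed on for this skill invocation.
  • No local persistence: user input and intermediate results are not written to local persistent storage (including disk files, databases, and logs). They are processed only briefly in memory and destroyed when the invocation ends.
  • Third-party API risk notice: where the functionality requires it, third-party model/service APIs may be called; in that case only the de-identified, necessary information is sent, over encrypted transport. It is not used for any purpose other than completing this request (such as training, profiling, or marketing).
  • Medical boundary: this skill assists with organizing and structuring medical record text and does not constitute medical diagnosis or treatment advice; a licensed physician must review the output and bears final medical responsibility.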
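
An added example, not code from the skill or its author, of an on-device de-identification pass of the kind the statement above describes: it masks mainland-China mobile numbers and 18-digit resident ID numbers, and refuses to release text that still contains long digit runs. The function names, placeholder tokens and sample dialogue are assumptions made here; names and addresses are out of scope for these patterns.

```python
import re

# Mainland-China mobile number: 11 digits starting 1[3-9], optional +86/86 prefix.
MOBILE = re.compile(r"(?<!\d)(?:\+?86[- ]?)?1[3-9]\d{9}(?!\d)")
# 18-character resident ID: 17 digits plus a check character (digit or X).
RESIDENT_ID = re.compile(r"(?<![0-9A-Za-z])\d{17}[\dXx](?![0-9A-Za-z])")
# Any digit run this long that survives redaction is treated as a possible identifier.
RESIDUAL = re.compile(r"\d{7,}")

_WEIGHTS = (7, 9, 10, 5, 8, 4, 2, 1, 6, 3, 7, 9, 10, 5, 8, 4, 2)
_CHECK = "10X98765432"


def id_checksum_ok(value: str) -> bool:
    """GB 11643 check: weighted sum of the first 17 digits, mod 11."""
    total = sum(int(d) * w for d, w in zip(value[:17], _WEIGHTS))
    return _CHECK[total % 11] == value[17].upper()


def deidentify(text: str):
    """Return (redacted_text, findings); findings are (kind, checksum_ok) pairs."""
    findings = []

    def mask_id(m):
        # Mask even when the checksum fails: a mis-transcribed ID is still sensitive.
        findings.append(("resident_id", id_checksum_ok(m.group())))
        return "[ID]"

    def mask_mobile(m):
        findings.append(("mobile", True))
        return "[PHONE]"

    text = RESIDENT_ID.sub(mask_id, text)  # IDs first, then mobile numbers
    text = MOBILE.sub(mask_mobile, text)
    return text, findings


def prepare_for_upload(text: str) -> str:
    """Fail closed: raise instead of returning text that still has long digit runs."""
    redacted, _ = deidentify(text)
    if RESIDUAL.search(redacted):
        raise ValueError("possible identifier left after redaction; not sending")
    return redacted


# Constructed sample dialogue (not real patient data).
SAMPLE = "患者:我手机号是13800138000。\n医生:身份证号?\n患者:11010519491231002X。\n"
```
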

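Input Format

Plain-text dialogue (UTF-8), ideally one sentence/turn per line, for example:

患者:……
医生:……
患者:……
医生:……

Quick Start

# Run from the skills directory
python3 scripts/gen_initial_record.py \
  --input data/med-initial-record-gen/dialogue.txt

Parameters

  • --input PATH
    • Path to the input dialogue text (UTF-8).
  • --output PATH
    • Path for the output record (default: ../runs/med-initial-record-gen/record.txt).
  • --diag-id STRING
    • Dialogue ID (default: skill-diag).
  • --timeout SECONDS
    • Timeout in seconds; 0 means wait indefinitely (default: 0).

Output Conventions

  • If the parent directory of the output path does not exist, it is created automatically.
  • Output is UTF-8 text containing the common outpatient initial-visit record sections.

Test Command

Run from the skills directory (network self-test):

python3 self_tests/med-initial-record-gen/self_test_initial_record_gen.py --run-network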
