Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

med-record-struct

v1.0.0

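Structures the text of Chinese outpatient follow-up medical records into fine-grained fields and outputs JSON (for example history of present illness, past history, diagnosis, treatment recommendations).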


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for aaiccee/med-record-struct.

Install the skill "med-record-struct" (aaiccee/med-record-struct) from ClawHub.
Skill page: https://clawhub.ai/aaiccee/med-record-struct
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install med-record-struct

ClawHub CLI


npx clawhub@latest install med-record-struct

Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)

Purpose & Capability
The skill's stated goal (structure Chinese outpatient follow-up records) aligns with the included Python script which POSTs the record to a remote structuring API and returns JSON. Calling a remote service for extraction is a reasonable implementation choice for this purpose.
! Instruction Scope
SKILL.md repeatedly promises '严格脱敏' (strict de-identification) and '不做本地持久化' (no local persistence). The runtime script, however, reads the full record from disk and sends the raw record_text to the remote API without any de-identification step, and it writes the structured output to a JSON file on disk. The documentation therefore misstates what the code does — this is a substantive scope/behavior mismatch.
Install Mechanism
No install spec; skill is instruction + a small Python script that uses only the standard library (urllib, json). This is low-risk from an install/execution perspective.
! Credentials
The skill requests no credentials and no env vars, yet it transmits potentially sensitive medical text to a third-party endpoint (https://shangbao.yunzhisheng.cn/...). There is no code-driven de-identification, no authentication, and no explicit privacy/retention guarantees from that endpoint in the repository. Asking for no credentials is not in itself bad, but the claim that the skill will de-identify data prior to sending is not implemented.
Persistence & Privilege
The skill does not request elevated privileges or 'always' inclusion. However, it does persist the structured output to disk (configurable output path), which contradicts the SKILL.md assertion of 'no local persistence'. Writing the structured JSON is normal for tooling but is inconsistent with the declared privacy stance.
What to consider before installing
This skill will send the full text of the medical record you provide to a remote service (https://shangbao.yunzhisheng.cn/...). Although the SKILL.md promises de-identification and no local persistence, the included script does not perform de-identification and it writes structured results to disk. Before installing or using it: (1) do not feed real identifiable patient data unless you trust and have reviewed the remote service and its privacy/legal terms; (2) if you must use it, pre-sanitize/de-identify records yourself (remove names, IDs, phone numbers, addresses, images) before running; (3) consider modifying the script to perform de-identification locally and/or to avoid writing sensitive outputs to disk; (4) validate the remote endpoint (ownership, TLS, retention policy) and consider running an on-prem/local model instead if PHI cannot be shared; (5) after testing, securely delete any output files containing patient-derived data. The mismatch between the documentation and implementation is the primary risk here.
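
Points (2) and (3) above, as an added example (not the skill's own code and not from ClawHub): a local pre-send pass that redacts labelled identity fields, resident ID numbers and mobile numbers in memory, and refuses to return a payload if a long digit run survives. The labels, patterns and sample record are constructed assumptions; pattern matching of this kind does not catch names or addresses written in free text.

```python
import re

# Constructed patterns. The labels (姓名/住址/地址) are assumptions about how a
# record names identity fields; extend them for your own templates.
LABEL_RE = re.compile(r"(姓名|住址|地址)\s*[::]\s*[^\s,,;;。]+")
ID_RE = re.compile(r"(?<!\d)\d{17}[\dXx](?!\d)")    # 18-character resident ID number
PHONE_RE = re.compile(r"(?<!\d)1[3-9]\d{9}(?!\d)")  # 11-digit mainland mobile number
RESIDUAL_RE = re.compile(r"\d{11,}")                # any long digit run left behind


def deidentify(text):
    """Return (redacted_text, counts). Works in memory only; writes nothing."""
    counts = {}
    text, counts["labelled"] = LABEL_RE.subn(r"\1:[REDACTED]", text)
    text, counts["id"] = ID_RE.subn("[ID]", text)
    text, counts["phone"] = PHONE_RE.subn("[PHONE]", text)
    return text, counts


def safe_payload(text):
    """Redact, then fail closed if anything identifier-like survives."""
    redacted, _ = deidentify(text)
    leftover = RESIDUAL_RE.search(redacted)
    if leftover:
        # Report only the offset so the error itself does not leak the value.
        raise ValueError("unredacted digit run at offset %d; not sending" % leftover.start())
    return redacted


# Constructed sample record (not real patient data).
SAMPLE = (
    "姓名:张三 身份证号:11010519491231002X 电话:13800138000\n"
    "主诉:咳嗽3天。现病史:口服阿莫西林0.5g,每日3次。"
)

if __name__ == "__main__":
    print(safe_payload(SAMPLE))
```

Only the return value of `safe_payload` should be passed to whatever sends the request, so a record that fails the residual check never leaves the host.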

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🧩 Clawdis
latest vk97eqdx5ra5vppbpf7wj0yd7mn837r4a
219 downloads
0 stars
1 version
v1.0.0
MIT-0

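Outpatient follow-up medical record structuring

Overview

Given the text of a Chinese outpatient follow-up medical record (already written by the physician), this skill extracts and normalizes it into JSON with fine-grained fields, for example:

  • 现病史.病情概述 (history of present illness: condition summary)
  • 现病史.药物 (history of present illness: medications)
  • 现病史.其他治疗措施 (history of present illness: other treatment measures)
  • 现病史.病情转归 (history of present illness: course and outcome)
  • 现病史.一般情况 (history of present illness: general condition)
  • 既往史.疾病 (past history: diseases)
  • 既往史.其他信息 (past history: other information)
  • 既往史.手术史 (past history: surgical history)
  • 既往史.过敏史 (past history: allergy history)
  • 既往史.输血史 (past history: transfusion history)
  • 婚育史 (marital and childbearing history)
  • 月经史 (menstrual history)
  • 个人史 (personal history)
  • 家族史 (family history)
  • 查体 (physical examination)
  • 辅助检查 (auxiliary examinations)
  • 诊断 (diagnosis)
  • 处理意见.药物 (treatment recommendations: medications)
  • 处理意见.其他建议 (treatment recommendations: other advice)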

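Data security, privacy and ethics statement

  • Minimum-necessary principle: only the text content required for structured extraction is processed; identity information such as names, ID numbers, mobile numbers and detailed addresses is neither required nor encouraged.
  • Strict de-identification (严格脱敏): before anything is sent to any model or API, personally identifiable information (such as names, ID numbers, mobile numbers, detailed addresses, faces/images) is masked or de-identified. Only the de-identified, necessary information is passed on for this skill invocation.
  • No local persistence (不做本地持久化): user input and intermediate results are not written to local persistent storage (including disk files, databases and logs). They are processed only briefly in memory and destroyed when the invocation ends.
  • Third-party API risk notice: where the functionality requires it, third-party model/service APIs may be called; in that case only de-identified, necessary information is sent, over encrypted transport. Beyond completing this request, it is not used for any other purpose (such as training, profiling or marketing).
  • Medical boundary: the output of this skill is the result of text extraction and structuring and does not constitute medical diagnosis or treatment advice; where clinical judgment is involved, defer to the opinion of a licensed physician.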

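Input format

Plain-text medical record (UTF-8), which may contain the following sections (chief complaint, history of present illness, past history, marital and childbearing history, menstrual history, personal history, family history, physical examination, auxiliary examinations, diagnosis, treatment):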

主诉:…… 现病史:…… 既往史:…… 婚育史:…… 月经史:…… 个人史:…… 家族史:…… 查体:…… 辅助检查:…… 诊断:…… 处理:……

Quick start

# Run from the skills directory
python3 scripts/struct_followup_record.py \
  --input data/med-followup-record-struct/followup_record.txt

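Parameters

  • --input PATH
    • Path to the input follow-up record text (UTF-8).
  • --output PATH
    • Path for the structured JSON output (default: ../runs/med-followup-record-struct/structured.json).
  • --timeout SECONDS
    • Timeout in seconds; 0 means wait indefinitely (default: 0).
  • --diag-id STRING
    • Conversation/visit ID (default: skill-diag).
  • --department STRING
    • Department (optional).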

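Output conventions

  • Output is UTF-8 JSON, with keys of the form 现病史.病情概述, 现病史.药物, 既往史.疾病, 诊断, 处理意见.药物 and so on.
  • Fields that are not mentioned may be filled with "未提及" ("not mentioned") where the service supports it.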

Test command

Run from the skills directory (network self-test):

python3 self_tests/med-followup-record-struct/self_test_followup_record_struct.py --run-network
