Medical Scribe (Dictation)

What to consider before installing or running this skill: - Privacy / PHI: This skill’s code and documentation indicate it can call external LLMs (OpenAI/Anthropic) and STT libraries. If you process patient data, assume that transcriptions or SOAP notes could be sent to third-party APIs unless you verify a local-only mode. Do not run with real PHI on third-party endpoints unless you have an explicit HIPAA-compliant contractual arrangement and have validated the endpoint’s handling of PHI. - Missing credential declarations: The registry metadata lists no required environment variables, but requirements and SKILL.md imply use of OpenAI/Anthropic which typically need API keys (e.g., OPENAI_API_KEY, ANTHROPIC_API_KEY). Confirm which credentials the script will read before providing them. - Review the code before use: Inspect scripts/main.py for network calls, logging, or file-write locations (where transcripts/notes are stored). The audit JSON bundled with the package reports a prior review, but you should still run python -m py_compile scripts/main.py and read the source to confirm behavior (and to find where API keys are used). - Prefer local processing for sensitive data: If you need to process PHI, prefer local STT (faster-whisper) and local model inference or an enterprise/HIPAA-compliant hosted LLM. If using public LLM APIs, redact identifiers or obtain institutional approval. - Dependency consistency: SKILL.md references faster-whisper (optional) but requirements.txt lists 'whisper'. Decide which STT backend you will install and adjust dependencies accordingly. - If you lack the ability to audit code or enforce PHI protections, treat this skill as risky for real patient data. If you proceed, test with synthetic or de-identified data first and limit API credentials to least-privilege accounts.