Dicom Segmentation Api
v1.0.0
Deploy and manage medical image segmentation using TotalSegmentator and MONAI with DICOM upload, batch processing, 3D export, and statistics generation.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name and description describe a deployable API, but the package does not include the server code (api_server.py) or requirements.txt referenced by SKILL.md and start.sh. That mismatch means the bundle cannot perform the claimed function as-is and suggests either incomplete packaging or missing external downloads.
Instruction Scope
SKILL.md tells the agent to run python api_server.py and start.sh does exactly that; neither the instructions nor the script ask for unexpected system files or credentials. However, start.sh will attempt to import fastapi/torch/monai and, on failure, runs 'pip install -r requirements.txt' (a broad operation) — the script thus has scope to modify the environment and install arbitrary Python packages not provided in the bundle.
Install Mechanism
There is no explicit install spec, but start.sh implicitly installs dependencies via pip from a requirements.txt that is not present. That means the runtime may perform an unreviewed package installation from whatever requirements file exists on the host or fail; automatic pip installs without an included requirements list are disproportionate and risky.
Credentials
The skill declares no required environment variables or credentials, which is appropriate in that nothing obvious requires secrets. However, handling DICOM/medical images implies sensitive data (PHI); the package provides no guidance on authentication, encryption, or access controls, and will create an output directory and start a network service—these are operationally significant and should be justified/configured by the user.
Persistence & Privilege
The skill is not marked always:true and does not request persistent platform privileges. The included start.sh writes a local 'output' directory and may install packages, but it does not attempt to modify other skills or global agent config.
What to consider before installing
Do not run this bundle on a production or sensitive host yet. Specific concerns:
- The package is incomplete: api_server.py and requirements.txt referenced by SKILL.md/start.sh are missing. Ask the author for the missing files or source repository before use.
- start.sh will run 'pip install -r requirements.txt' if imports fail; without an included requirements.txt this could install unexpected packages from the host or fail. Only allow installs after reviewing a requirements list and the packages' reputations.
- Because this handles medical (DICOM) data, ensure you run it in an isolated environment (container, VM, or sandbox), enforce TLS and authentication on the API, and review data retention/logging to avoid PHI leaks.
- If you decide to test: run in an isolated VM/container, review or provide the full api_server.py and requirements.txt, pin package versions, and audit network communications and filesystem writes (the script creates an 'output' directory).
Providing the missing server code and a concrete requirements.txt would materially change this assessment toward 'benign' if those files are consistent with the claimed purpose and contain no hidden network endpoints or credential access.
