Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Health Guide

v1.0.1

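Medical/health consultation skill. Routes 10 intents (Symptom Check through Beginner Guide) and produces a two-layer Flash + Deep-Dive report based on hira-hospital hospital lookup, the National Health Information Portal (국가건강정보포털) API and the Ministry of Food and Drug Safety (식약처) drug API. Triggers: "증상" (symptom), "어디 아파" (where does it hurt), "진료과" (medical department)...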

by 김성우 @sw326
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The declared data sources (국가건강정보포털, the National Health Information Portal, and 식약처, the Ministry of Food and Drug Safety) and a hospital-search delegation are coherent with a 'Health Guide' skill. The level of external access requested (APIs + web search fallback) fits the stated functionality. However, the skill references a local hira-hospital skill and on-disk scripts (skills/hira-hospital/scripts/hospital_search.sh and planned scripts in scripts/) that must exist for full behavior; their presence is not guaranteed.
! Instruction Scope
Runtime instructions reference running bash scripts (hira-hospital search script, kdca_health.sh, drug_info.sh) and give explicit local file paths for API keys (~/.config/kdca/api_key and ~/.config/data-go-kr/api_key). Those scripts are not included in this package (scripts are marked 'to be implemented' or pending), and the skill's prose implicitly assumes the agent will execute shell commands or call other skills. The instructions also require the agent to detect emergency keywords and to call external connectors (web_search, hira-hospital). Because the agent could be asked to read local config files or run shell commands, this expands the runtime scope beyond just producing text.
Install Mechanism
This is an instruction-only skill with no install spec and no bundled executable code. That minimizes upfront install risk (nothing is downloaded or extracted). The highest-risk actions would occur at runtime if the agent executes referenced scripts or commands, but no automatic install mechanism is present in the package.
! Credentials
Metadata declares no required environment variables or config paths, yet SKILL.md and domain_config.yaml instruct users (and implicitly the agent) to place API keys at specific local paths (~/.config/kdca/api_key and ~/.config/data-go-kr/api_key). This mismatch is notable: the skill will (or will be expected to) read local files containing secrets, but that access is not declared in the registry metadata. Requiring API keys for the stated external APIs is reasonable, but any agent behavior that reads those files, transmits them, or executes scripts that use them should be reviewed before enabling.
Persistence & Privilege
The skill does not request permanent/global installation (always:false) and does not declare any special persistent privileges. It appears to operate only when invoked. Autonomous model invocation is allowed (the platform default), which increases impact if the skill were malicious, but there is no evidence here that the skill is trying to force persistent or cross-skill config changes.
What to consider before installing
What to check before installing or enabling this skill:

  • Trust the source: the skill's repository/source is unknown. Only enable it if you trust the author (chumjibot) or you inspect the referenced scripts.
  • Verify the scripts: the SKILL.md expects bash scripts (kdca_health.sh, drug_info.sh, and a hira-hospital search script). Those scripts are not bundled here; ask for or review their exact code before allowing the agent to execute them. Running arbitrary shell scripts from an untrusted skill can run any command on your system.
  • Be cautious with local API keys: the skill asks you to store keys under ~/.config/... . Confirm the skill will only use those keys to query the stated official APIs and will not transmit them elsewhere. Prefer using scoped API keys and rotate them if you test the skill.
  • Confirm the hira-hospital dependency: the skill delegates hospital lookups to another skill; ensure that skill exists and is trustworthy.
  • Limit autonomous use if concerned: if you don't want the skill invoked without manual approval, disable autonomous invocation or only allow user-invoked runs until you review runtime behavior.
  • Ask for missing artifacts: request the implementer provide the actual scripts or an install spec and a privacy/data-flow description (what is sent to external services and whether logs are retained) before deploying widely.

If you cannot review the scripts or confirm the source, treat the skill as potentially unsafe to run with real API keys or on systems with sensitive data.

Like a lobster shell, security has layers — review code before you run it.

Tags: health, korea, korean, latest, medical

SKILL.md

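🏥 Health Guide (Medical/Health) Skill

Classifies health and medical questions into 10 intents and generates a report based on hira-hospital, the National Health Information Portal (국가건강정보포털) and the Ministry of Food and Drug Safety (식약처) API.

⚠️ Top-Priority Safety Rule

When emergency signs are detected, direct the user to 119 immediately. This takes priority over all other processing.
Signs: chest pain, difficulty breathing, reduced consciousness, paralysis, severe bleeding, high fever (39°C or above) + convulsions

Intent Router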

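| # | Intent | Example user phrases | Default output |
|---|--------|----------------------|----------------|
| 1 | Symptom Check | "My head hurts", "Where should I go?" | Symptom → medical department + hospital referral |
| 2 | Find Hospital | "Find a hospital near me" | Calls hira-hospital |
| 3 | Disease Info | "What is diabetes?", "Causes of high blood pressure" | Disease information (Flash) |
| 4 | Drug Info | "Tylenol dosage", "What is this medicine?" | Drug dosage and side effects |
| 5 | Emergency Guide | "I'm not sure if this is an emergency", "Should I call 119?" | Emergency assessment + immediate guidance |
| 6 | Health Checkup | "When should I get a health checkup?" | Checkup types, intervals, eligibility |
| 7 | Vaccination | "Flu vaccination", "Required vaccinations" | Vaccination schedule, eligibility, method |
| 8 | Healthy Living | "How to lower blood pressure", "Healthy diet" | Lifestyle guide |
| 9 | Mental Health | "I think I'm burned out", "I feel depressed" | Mental health information + counseling referral |
| 10 | Beginner Guide | "It's my first time at a hospital", "What departments are there?" | Introduction to the healthcare system |

Details: references/intent_router.md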

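Tools

| Tool | Purpose | Status |
|------|---------|--------|
| hira-hospital skill | Hospital search + departments and opening hours | ✅ Working |
| National Health Information Portal (국가건강정보포털) API | Disease, symptom and health information (669 entries) | ⏳ Awaiting approval (key location: ~/.config/kdca/api_key) |
| Ministry of Food and Drug Safety (식약처) Drug Overview Information API | Drug dosage, efficacy, side effects | ⏳ Awaiting approval (existing data.go.kr key) |
| web_search | Substitute while the APIs are unapproved + supplementing with the latest information | ✅ Working |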

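Output Structure

  • Flash Layer: always output (20~40 lines)
  • Deep-Dive Layer: on explicit request, or for the Disease Info / Drug Info / Mental Health intents

Details: references/output_templates.md

⚠️ Disclaimer

This content is provided for general health information purposes and is not a medical diagnosis or prescription. If symptoms persist or worsen, be sure to see a doctor. In an emergency, call 119 immediately.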

🔧 Setup

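National Health Information Portal (국가건강정보포털) API (disease and symptom information)

  1. health.kdca.go.kr → apply for the Open API
  2. Store the key: mkdir -p ~/.config/kdca && echo "YOUR_KEY" > ~/.config/kdca/api_key

Ministry of Food and Drug Safety (식약처) Drug API (drug information)

  1. data.go.kr/15075057 → apply for use (automatically approved)
  2. Store the key: mkdir -p ~/.config/data-go-kr && echo "YOUR_KEY" > ~/.config/data-go-kr/api_key

Even while the APIs are not yet approved, the skill provides basic functionality through the web_search fallback.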

Files

7 total