unisound-chief-complaint-diagnosis-inconsistent

Pass

Audited by ClawScan on May 15, 2026.

Overview

This appears to be a focused medical-record quality-check skill, but it sends selected record fields to an external HiVoice model using an app key, so users should de-identify records and protect credentials.

Use this skill only if HiVoice MaaS is approved for your medical-record workflow. De-identify records before running it, protect the app key, verify the base URL, avoid `--save-prepared` unless you intentionally want a local debug copy, and make sure a qualified clinician reviews the result.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Chief complaint and diagnosis-related text may leave the local environment and be processed by the configured model provider.

Why it was flagged

The skill sends LLM messages derived from the medical record to an external HiVoice MaaS chat-completions endpoint. This is disclosed and purpose-aligned, but it is still a sensitive medical-data flow.

Skill content

DEFAULT_LLM_BASE = "https://maas-api.hivoice.cn/v1" ... url = f"{base.rstrip('/')}/chat/completions" ... resp = _http_post(url, payload, headers, timeout=timeout)

Recommendation

Use only approved provider endpoints, verify the `--base` URL before running, and de-identify medical records before submission.

What this means

The app key may grant access to the medical model service and should be treated as a secret.

Why it was flagged

The skill requires a provider app key for authentication. This is expected for the stated LLM integration, but the registry metadata does not declare a primary credential.

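Skill content

`--appkey STRING`: **Required**. The authentication key used to call the internal medical large model, assigned by the platform; **must not be written to the repository**.

Recommendation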

Use a least-privileged key, do not commit it to files, and avoid exposing it in shell history, process listings, or logs.

What this means

Running the multi-format entry point depends on local shared code that was not reviewed here.

Why it was flagged

The multi-format runner imports a shared preprocessing module outside this skill’s manifest. The dependency is disclosed in SKILL.md and is purpose-aligned, but its code is not included in the reviewed artifacts.

Skill content

_preprocess_dir = SKILLS_ROOT / "_shared" / "doc-preprocess" / "scripts" ... sys.path.insert(0, s) ... from preprocess import ...

Recommendation

Ensure `_shared/doc-preprocess` is present and trusted, or use the included text-only entry point with already-prepared UTF-8 text.

What this means

A user who enables the debug option may store preprocessed medical text locally despite the general no-persistence statement.

Why it was flagged

The documentation broadly says inputs and intermediate results are not persisted, while also documenting an optional debug flag that saves preprocessed text. Because it is user-directed and disclosed, this is a notice rather than a concern.

Skill content

No local persistence: inputs and intermediate results are not written to local persistent storage ... `--save-prepared`: saves the preprocessed text for debugging.

Recommendation

Do not use `--save-prepared` with identifiable patient data unless local storage is approved, and treat saved debug files as sensitive.

What this means

A maliciously written or unusual record could cause an incorrect `无缺陷` or `有缺陷` result.

Why it was flagged

Untrusted record content is interpolated directly into LLM prompt messages. This is central to the skill’s function, but crafted record text could influence the model’s classification.

Skill content

cc_has_loc = llm([sys_msg(f"""... 请对下面的主诉进行判断\n{cc}""")])

Recommendation

Treat the output as advisory, keep clinician review in the workflow, and consider stronger input delimiting and output validation.