unisound-diagnosis-sufficiency-review
Verdict: Warn. Audited by ClawScan on May 15, 2026.
Overview
This medical-review skill is mostly purpose-aligned, but it should be reviewed before use because it hardcodes database credential configuration and sends sensitive case content to an LLM provider by default.
Before installing, confirm who operates the PostgreSQL database and LLM endpoint, require proper secret management instead of hardcoded database credentials, de-identify medical records, and avoid `--save-prepared` or output-file options unless you intentionally want local copies of sensitive case data.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill may rely on embedded or manually edited database credentials, which can expose an internal database account to misuse and leaves credential rotation and permission scoping unclear.
The source embeds database connection fields, including a password field, and the static scan separately flagged this area as an exposed-secret pattern. Even if the visible password is a placeholder, credential handling is hardcoded rather than declared through a scoped secret/config mechanism.
HARDCODED_DATABASE = DatabaseSettings(
    host="10.10.20.15",
    port=15432,
    name="medical_coding_auditdb",
    user="audituser",
    password="REPLACE_WITH_STRONG_PASSWORD",
)

Move database credentials to a declared secret or environment variable, document the required database permissions, ensure the account is read-only and narrowly scoped to the guideline table, and remove any real secrets from the package history.
Medical record text may be transmitted to the configured LLM provider unless the user disables LLM use.
The skill discloses that it sends case content to an internal medical LLM by default and requires a bearer-style appkey, with an offline fallback only when disabled.
By default the internal medical LLM is used to generate the evidence-sufficiency judgment; the `appkey` used for authentication must be supplied by the caller. For a fully offline rule-based fallback, pass `use_llm=false`.
De-identify records before use, verify the LLM endpoint and data-retention policy, and use `--no-llm` or `use_llm=false` when external processing is not acceptable.
A user may overestimate the no-persistence guarantee and accidentally save sensitive medical text or review results locally.
The privacy statement says the skill does not persist data, but the same documentation describes user-directed options that save result JSON and prepared medical text.
No local persistence: this skill does not write the request body, intermediate results, or review results to local files or databases. ... `--output-json PATH`: optional. Saves the response JSON ... `--save-prepared`: optional. Saves the preprocessed medical record text
Clarify that there is no local persistence by default, but `--output-json`, `--output`, and `--save-prepared` intentionally write files. Warn users not to enable these options for sensitive records unless the output location is appropriate.
The skill may fail if the shared module is absent, or it may execute preprocessing code whose exact behavior is outside this artifact set.
The CLI imports a preprocessing module from a shared directory outside the included file manifest, so part of the document-processing behavior is not present in the reviewed package.
PREPROCESS_DIR = SKILLS_ROOT / "_shared" / "doc-preprocess" / "scripts"
if str(PREPROCESS_DIR) not in sys.path:
    sys.path.insert(0, str(PREPROCESS_DIR))
from preprocess import PreprocessError, SUPPORTED_FILE_TYPES, detect_input_type, load_input_artifact

Package or pin the preprocessing dependency, declare it in installation requirements, and make the reviewed artifact set include all code that processes user medical files.
