unisound-hypertension-missing-bp

Review

Audited by ClawScan on May 16, 2026.

Overview

This skill appears purpose-aligned for medical record quality checking, but it sends selected clinical text to an external LLM, authenticating with an API key. Users should avoid the optional local saving unless they intend it.

Install only if you are comfortable sending de-identified outpatient record text to the configured HiVoice MaaS endpoint. Keep the app key private, avoid changing the API base URL to an untrusted service, and do not use --save-prepared with identifiable records unless you intend to leave a local copy.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Clinical record content may leave the local environment and be processed by the configured LLM provider.

Why it was flagged

The selected medical record fields are placed into chat messages and POSTed to the configured HiVoice-compatible LLM API.

Skill content
url = f"{base.rstrip('/')}/chat/completions" ... payload = {"model": model, "messages": messages, "temperature": 0}
Recommendation

Use only de-identified records, verify the provider endpoint before running, and review the provider's data handling requirements.

What this means

Anyone who obtains the app key may be able to use the associated HiVoice MaaS access.

Why it was flagged

The skill uses a user-provided app key as a bearer token for the LLM API. This is expected for the integration, but it is still sensitive credential handling.

Skill content
headers = {"Authorization": f"Bearer {appkey}"}
Recommendation

Provide the app key only at runtime, do not store it in shared files or command history if avoidable, and do not change --base to an untrusted endpoint.

What this means

If --save-prepared is used, preprocessed medical record text may remain on disk after the run.

Why it was flagged

The documentation generally says inputs and intermediates are not persisted, but also documents an explicit debug option that saves preprocessed input text.

Skill content
No local persistence: inputs and intermediate results are not written to local persistent storage ... --save-prepared: saves the preprocessed text for debugging.
Recommendation

Do not enable --save-prepared for identifiable records unless local persistence is acceptable, and delete generated debug files when no longer needed.

What this means

Using run.py for PDF/Office/table inputs depends on the trustworthiness of the local shared preprocessing code.

Why it was flagged

The multi-format entry point relies on a shared preprocessing helper outside the provided file manifest, so that helper's behavior is not reviewable from these artifacts.

Skill content
`scripts/run.py` depends on **`_shared/doc-preprocess`** (`preprocess.py`), which must be located under the repository's `skills/` root.
Recommendation

Verify the _shared/doc-preprocess helper before using multi-format preprocessing, or use the simpler text-only emr_qc.py path with trusted input.