unisound-literature-retrieval

Audited by ClawScan on May 15, 2026.

Overview

This is a straightforward medical literature drafting helper that sends user-provided questions and passages to a disclosed medical LLM API, with credential, data-sharing, and provenance notes users should review.

This skill appears coherent and purpose-aligned. Before installing or using it, confirm you trust the publisher and API endpoint, use a protected appkey, and avoid sending patient-identifying or confidential clinical data unless your organization has approved that provider workflow.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Finding 1 of 3: clinical and research text is sent to the model provider

What this means

Questions, constraints, and pasted abstracts/passages may be shared with the configured medical LLM provider.

Why it was flagged

The script sends the constructed prompt, including the clinical question and any provided literature passages, to the disclosed model API. This is purpose-aligned, but it means potentially sensitive clinical or research text leaves the local environment.

Skill content
API_URL = "https://maas-api.hivoice.cn/v1/chat/completions" ... body = _http_post(API_URL, payload, {"Authorization": f"Bearer {appkey}"})
Recommendation

Do not include patient identifiers or confidential institutional data unless the API use is approved; confirm the provider’s privacy and retention terms before use.

Finding 2 of 3: the appkey is account authority for the model service

What this means

Anyone with the appkey could potentially use the associated model account or quota.

Why it was flagged

The skill requires an authentication key for the medical model service. This is expected for the integration and the code only uses it as a Bearer token for the disclosed endpoint, but it is still account authority.

Skill content
`--appkey STRING`: **Required**. Authentication key for the internal medical LLM.
Recommendation

Use a scoped key where possible, avoid sharing it in logs or transcripts, and rotate it if it may have been exposed.
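The two recommendations above (keep identifiers out of the prompt, keep the appkey out of logs and transcripts) can be enforced before the script's own `_http_post` call runs. The following is an added example written for this review, not the skill's code: it assumes the endpoint quoted above, a host allowlist, an environment variable named `UNISOUND_APPKEY` (hypothetical), a small set of illustrative identifier patterns, and a chat-completions style payload shape that the review does not show.

```python
import os
import re
from urllib.parse import urlparse

# Endpoint quoted in the review. The host allowlist, the identifier patterns,
# the env var name and the payload shape are assumptions of this example.
API_URL = "https://maas-api.hivoice.cn/v1/chat/completions"
ALLOWED_HOSTS = {"maas-api.hivoice.cn"}
APPKEY_ENV = "UNISOUND_APPKEY"  # hypothetical variable name

# Illustrative identifier patterns for a pre-send screen. Not a complete PHI
# detector; extend it with your institution's own identifier formats.
PHI_PATTERNS = {
    "mrn": re.compile(r"\bMRN[:#\s]*\d{6,}\b", re.I),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "dob": re.compile(r"\b(?:DOB|date of birth)[:\s]*\d{1,2}/\d{1,2}/\d{2,4}\b", re.I),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "phone": re.compile(r"\b\d{3}[-.\s]\d{3}[-.\s]\d{4}\b"),
}


def screen_text(text):
    """Return {pattern_name: [matches]} for every identifier pattern that fires."""
    hits = {}
    for name, pat in PHI_PATTERNS.items():
        found = pat.findall(text)
        if found:
            hits[name] = found
    return hits


def preflight(question, passages, appkey, api_url=API_URL, allow_phi=False):
    """Return the reasons the request must not leave this host (empty list = OK)."""
    reasons = []
    host = urlparse(api_url).hostname
    if host not in ALLOWED_HOSTS:
        reasons.append(f"endpoint host {host!r} is not on the allowlist")
    if not appkey:
        reasons.append("appkey is empty")
    hits = screen_text("\n".join([question, *passages]))
    if hits and not allow_phi:
        reasons.append("possible identifiers in prompt: " + ", ".join(sorted(hits)))
    return reasons


def build_request(question, passages, appkey, api_url=API_URL, allow_phi=False):
    """Assemble (url, headers, payload); raises if preflight() finds a problem."""
    reasons = preflight(question, passages, appkey, api_url, allow_phi)
    if reasons:
        raise ValueError("; ".join(reasons))
    prompt = question + "\n\n" + "\n\n".join(passages)
    headers = {"Authorization": f"Bearer {appkey}", "Content-Type": "application/json"}
    # Chat-completions style body; the skill's real payload fields are not in the review.
    payload = {"messages": [{"role": "user", "content": prompt}]}
    return api_url, headers, payload


def redact_headers(headers):
    """Copy of the headers that is safe to log or paste into a transcript."""
    safe = dict(headers)
    auth = safe.get("Authorization", "")
    if auth.startswith("Bearer "):
        token = auth[len("Bearer "):]
        # Keep a short suffix only when the token is long enough that it reveals nothing useful.
        safe["Authorization"] = ("Bearer ***" + token[-4:]) if len(token) > 8 else "Bearer ***"
    return safe


def load_appkey():
    """Read the key from the environment rather than a CLI flag, so it stays out of shell history and process listings."""
    key = os.environ.get(APPKEY_ENV, "")
    if not key:
        raise RuntimeError(f"set {APPKEY_ENV} before running")
    return key


if __name__ == "__main__":
    url, hdrs, body = build_request(
        "Which trials compare drug A and drug B for condition C?",
        ["Constructed sample abstract: a randomized trial of A versus B in 240 adults."],
        load_appkey(),
    )
    print(url, redact_headers(hdrs), body["messages"][0]["content"][:60])
```

`preflight` returns reasons instead of raising so a wrapper can log the refusal (with `redact_headers` applied) without ever printing the raw bearer token; `allow_phi=True` is the explicit override for a workflow your organization has approved with the provider.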

Finding 3 of 3: package metadata does not match the registry listing

What this means

Users may have less certainty about the package’s publishing lineage or whether it was repackaged under a different registry identity.

Why it was flagged

The package-internal metadata does not match the registry listing shown for this review, which names a different owner ID and slug. This does not contradict the runtime behavior, but it is a provenance/renaming detail worth noticing.

Skill content
"ownerId": "kn76wejkeqxfc03j0rfxp2jaj982m7aa", "slug": "doctor.clinical-research.literature-retrieval"
Recommendation

Confirm the publisher and package history if provenance matters for your environment, especially before using production credentials or sensitive clinical text.
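The provenance check above can be made mechanical: compare the identity fields inside the package with those on the registry listing and turn the difference into a verdict before any credential is used. This is an added example, not ClawScan's or the publisher's code. The package-internal `ownerId` and `slug` are the values quoted in the finding; the registry listing is a constructed stand-in, since the review states it names a different owner ID and slug but does not quote them.

```python
# Package-internal metadata quoted in the review.
PACKAGE_META = {
    "ownerId": "kn76wejkeqxfc03j0rfxp2jaj982m7aa",
    "slug": "doctor.clinical-research.literature-retrieval",
}

# Constructed stand-in for the registry listing (values are placeholders).
REGISTRY_LISTING = {
    "ownerId": "REGISTRY-OWNER-ID-PLACEHOLDER",
    "slug": "unisound-literature-retrieval",
}

# Fields that identify who published what; extend with name/version if your registry exposes them.
IDENTITY_FIELDS = ("ownerId", "slug")


def provenance_mismatches(package_meta, registry_listing, fields=IDENTITY_FIELDS):
    """Map each identity field that differs, or is missing on one side, to (package_value, registry_value)."""
    return {
        f: (package_meta.get(f), registry_listing.get(f))
        for f in fields
        if package_meta.get(f) != registry_listing.get(f)
    }


def classify_provenance(package_meta, registry_listing):
    """Reduce the field diff to a verdict a reviewer can act on."""
    mism = provenance_mismatches(package_meta, registry_listing)
    if not mism:
        return "consistent"
    if "ownerId" in mism:
        # Listed under another registry identity: verify the publisher before trusting it.
        return "different-owner"
    # Same owner, different slug: a rename or repackaging; check the package history.
    return "renamed"


def provenance_report(package_meta, registry_listing):
    """Human-readable summary, one line per mismatched field."""
    lines = [f"provenance: {classify_provenance(package_meta, registry_listing)}"]
    for f, (pkg, reg) in provenance_mismatches(package_meta, registry_listing).items():
        lines.append(f"  {f}: package={pkg!r} registry={reg!r}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(provenance_report(PACKAGE_META, REGISTRY_LISTING))
```

A `different-owner` verdict is the case the finding describes and is the one to resolve with the publisher before using production credentials; `renamed` usually only needs the package history checked.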