unisound-surgery-review
Review
Audited by ClawScan on May 15, 2026.
Overview
The skill’s medical coding purpose is coherent, but it needs review because database credential handling is hardcoded or under-declared while the skill also processes sensitive medical records through a model service.
Before installing, verify that no real database password is packaged, require database and model credentials to be supplied through secure configuration, de-identify medical records, confirm the model endpoint is approved for the data, and avoid --save-prepared unless local storage of the record text is acceptable.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may inherit or expose a shared database access boundary that is not clearly scoped, revocable, or declared in the registry metadata.
The package embeds database connection details, including a password field, instead of using a declared user-supplied configuration or secret store; the static scan also flagged this area as an exposed secret literal.
HARDCODED_DATABASE = DatabaseSettings(
    host="10.10.20.15",
    port=15432,
    name="medical_coding_auditdb",
    user="audituser",
    password="REPLACE_WITH_STRONG_PASSWORD",
)

Move database host/user/password to declared environment variables or a secure config path, use a least-privilege read-only database account, and verify that no real database secret is packaged.
Medical-record content may leave the local environment and be processed by the configured model service unless LLM use is disabled.
The skill sends a prompt containing review context to a model API using a Bearer app key. This is disclosed and purpose-aligned, but the content may include sensitive medical-record text.
DEFAULT_LLM_BASE = "https://maas-api.hivoice.cn/v1"
...
"messages": [{"role": "user", "content": prompt}]
...
headers={"Authorization": f"Bearer {model_config.api_key}"}

De-identify records before use, confirm the model endpoint and its data-handling policy, and use the documented offline option when external processing is not acceptable.
A user could misunderstand when sensitive medical text or audit results are written to disk.
The documentation contains an overbroad no-local-persistence statement while also documenting optional local saves of prepared medical text and output JSON.
**No local persistence**: this skill does not write request bodies, intermediate results, or review results to local files or databases. ... `--save-prepared`: optional. Saves the preprocessed medical-record text to `doctor/icd-drg/runs/surgery-review/` or to the directory containing the output file
Clarify the privacy statement to say that no files are written unless the user supplies output flags, and warn that --save-prepared can store sensitive record text.
Document parsing behavior depends on external local shared code that was not included in the provided artifact contents.
The CLI imports preprocessing code from a shared directory outside the listed skill files, so part of runtime behavior is not contained in this package manifest.
PREPROCESS_DIR = SKILLS_ROOT / "_shared" / "doc-preprocess" / "scripts"
if str(PREPROCESS_DIR) not in sys.path:
    sys.path.insert(0, str(PREPROCESS_DIR))
from preprocess import PreprocessError, SUPPORTED_FILE_TYPES, detect_input_type, load_input_artifact

Bundle or explicitly declare the shared preprocessing dependency and its provenance so users can review the full runtime path.
