unisound-surgery-sufficiency-review
Verdict: Warn. Audited by ClawScan on May 15, 2026.
Overview
The skill matches its medical review purpose, but it needs review because credential handling, package provenance, and sensitive medical record persistence/transmission controls are not cleanly bounded.
Install only if you trust the publisher and can verify the source. Confirm that no real database secret is embedded, require secrets to be supplied through a managed mechanism, de-identify patient records before use, avoid `--save-prepared` unless local storage is acceptable, and use `--no-llm` when medical record text must remain offline.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Users cannot easily verify that the packaged code corresponds to the published skill identity or the claimed publisher.
The package metadata embedded in the artifact (ownerId, slug, publishedAt) conflicts with the registry owner, slug, and published timestamp shown for the evaluated skill, which is an artifact provenance mismatch.
"ownerId": "kn76wejkeqxfc03j0rfxp2jaj982m7aa", "slug": "doctor.icd-drg.surgery-sufficiency-review", "publishedAt": 0
Verify the publisher and source before installation, and require the package metadata, registry metadata, and published source to match.
A published skill may expose or depend on database credentials the user cannot rotate, scope, or inspect; if real credentials are present, they could grant unintended database access.
The code contains hardcoded database connection/account fields, and the registry metadata declares no primary credential or required environment variable for this access.
HARDCODED_DATABASE = DatabaseSettings(host="10.10.20.15", port=15432, name="medical_coding_auditdb", user="audituser", password="REPLACE_WITH_STRONG_PASSWORD")
Remove hardcoded credentials, use environment/secret-manager configuration, declare required credentials in metadata, and restrict the database account to read-only access to the needed guideline table.
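The following is an added example, not the skill's own code: the hardcoded-credential pattern quoted above beside a loader that takes the same fields from the environment (as populated by a secret manager) and fails closed on missing, malformed, or placeholder values. The `DatabaseSettings` shape mirrors the snippet in the finding, but the `MEDCODING_DB_*` variable names and the placeholder prefixes are illustrative assumptions.

```python
# Added example (not the skill's own code). Assumptions: the DatabaseSettings shape
# mirrors the finding's snippet; the MEDCODING_DB_* names and placeholder prefixes are
# illustrative choices, not names used by the skill.
import os
from dataclasses import dataclass, field
from typing import Mapping


@dataclass(frozen=True)
class DatabaseSettings:
    host: str
    port: int
    name: str
    user: str
    password: str = field(repr=False)  # keep the secret out of repr(), logs and tracebacks


# BEFORE (the pattern flagged in the finding): one literal object shared by every
# installer, impossible to rotate or scope per deployment.
HARDCODED_DATABASE = DatabaseSettings(
    host="10.10.20.15", port=15432, name="medical_coding_auditdb",
    user="audituser", password="REPLACE_WITH_STRONG_PASSWORD",
)

# AFTER: every field is supplied at runtime and validated before any connection is made.
REQUIRED_VARS = ("MEDCODING_DB_HOST", "MEDCODING_DB_NAME", "MEDCODING_DB_USER", "MEDCODING_DB_PASSWORD")
_PLACEHOLDER_PREFIXES = ("REPLACE_WITH", "CHANGEME", "TODO")  # values that must never reach a database


class MissingCredentialError(RuntimeError):
    """Raised when required database configuration is absent, malformed, or a placeholder."""


def credential_problems(env: Mapping[str, str]) -> list[str]:
    """Return every reason the environment cannot be used; an empty list means it is usable."""
    problems = [f"missing {k}" for k in REQUIRED_VARS if not env.get(k)]
    password = env.get("MEDCODING_DB_PASSWORD", "")
    if password and password.upper().startswith(_PLACEHOLDER_PREFIXES):
        problems.append("MEDCODING_DB_PASSWORD is a placeholder value")
    port_text = env.get("MEDCODING_DB_PORT", "5432")
    if not port_text.isdigit() or not 0 < int(port_text) < 65536:
        problems.append("MEDCODING_DB_PORT must be an integer in 1..65535")
    return problems


def load_database_settings(env: Mapping[str, str] = os.environ) -> DatabaseSettings:
    """Build settings from the environment, refusing to start on any problem."""
    problems = credential_problems(env)
    if problems:
        raise MissingCredentialError("; ".join(problems))
    return DatabaseSettings(
        host=env["MEDCODING_DB_HOST"],
        port=int(env.get("MEDCODING_DB_PORT", "5432")),
        name=env["MEDCODING_DB_NAME"],
        user=env["MEDCODING_DB_USER"],
        password=env["MEDCODING_DB_PASSWORD"],
    )


if __name__ == "__main__":
    print(credential_problems({}))            # every required variable reported as missing
    print(HARDCODED_DATABASE)                 # the password is omitted even from the legacy object
    print(credential_problems({"MEDCODING_DB_PASSWORD": HARDCODED_DATABASE.password}))
```

Pair the loader with a declared credential in the skill metadata so installers know which variables to supply, and create the database role it connects with as `SELECT`-only on the guideline table the review needs.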
A user may rely on the no-persistence claim and accidentally write sensitive patient record text to local storage.
The privacy statement says no local persistence, but the documented CLI option saves prepared medical record text locally.
- **No local persistence**: this skill does not write request bodies, intermediate results, or review results to local files or databases. ... `--save-prepared`: optional. Saves the preprocessed medical record text.
Clarify that the no-persistence claim holds only when no save or output flags are used, add explicit warnings for sensitive records, and avoid recommending `--save-prepared` in quick-start examples.
Patient records or other clinical text may leave the local environment unless the user disables LLM use or de-identifies inputs.
The skill discloses that clinical record content may be sent to an internal LLM provider by default, with an offline fallback available.
By default, the internal medical large language model is used to generate the evidence-sufficiency judgment; the authentication `appkey` must be supplied by the caller. For a fully offline rule-based fallback, pass `use_llm=false`.
Use de-identified records, confirm the LLM provider and data-processing terms are acceptable, and use `--no-llm` or `use_llm=false` when external processing is not allowed.
The skill may execute unreviewed local shared code when processing medical documents.
The runtime depends on a shared preprocessing module outside the provided file manifest, so part of the document parsing behavior is not visible in this package.
PREPROCESS_DIR = SKILLS_ROOT / "_shared" / "doc-preprocess" / "scripts" ... from preprocess import PreprocessError, SUPPORTED_FILE_TYPES, detect_input_type, load_input_artifact
Package or pin the preprocessing dependency, include it in review artifacts, and verify it does not persist or transmit sensitive records unexpectedly.
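The following is an added example that is neither ClawScan tooling nor the skill's code. It implements the two provenance checks recommended by the package-identity finding and by this finding on the unpackaged preprocessing module: a comparison of the embedded package metadata against the registry entry, and a pinned-digest check of the shared scripts directory that must pass before `from preprocess import ...` runs. It assumes the registry metadata is a mapping with the same `ownerId`, `slug`, and `publishedAt` keys as the embedded metadata quoted above, and that the shared scripts are pinned in a lock mapping of filename to SHA-256; the registry values and script contents in the demo are constructed.

```python
# Added example (not ClawScan tooling, not the skill's code). Assumptions: registry
# metadata uses the same keys as the embedded package metadata; shared scripts are
# pinned as {filename: sha256 hex}; the sample values in __main__ are constructed.
import hashlib
from pathlib import Path
from typing import Mapping

PROVENANCE_KEYS = ("ownerId", "slug", "publishedAt")


def metadata_mismatches(package_meta: Mapping[str, object], registry_meta: Mapping[str, object]) -> list[str]:
    """Fields on which the embedded package metadata disagrees with the registry entry."""
    problems = []
    for key in PROVENANCE_KEYS:
        pkg, reg = package_meta.get(key), registry_meta.get(key)
        if pkg != reg:
            problems.append(f"{key}: package={pkg!r} registry={reg!r}")
    if not package_meta.get("publishedAt"):  # 0 or missing, as in the quoted metadata
        problems.append("publishedAt: package carries no publish time (0 or missing)")
    return problems


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def pinned_script_problems(scripts: Mapping[str, bytes], lock: Mapping[str, str]) -> list[str]:
    """Compare the shared scripts found on disk (filename -> bytes) with the pinned digests.

    Reports pinned files that are missing, files whose digest changed, and files that are
    present but were never reviewed and pinned (the out-of-manifest case in the finding).
    """
    problems = []
    for name, expected in lock.items():
        if name not in scripts:
            problems.append(f"{name}: pinned but missing")
        elif sha256_hex(scripts[name]) != expected:
            problems.append(f"{name}: digest mismatch")
    for name in scripts:
        if name not in lock:
            problems.append(f"{name}: present but not pinned")
    return sorted(problems)


def read_scripts(scripts_dir: Path) -> dict[str, bytes]:
    """Load every .py file directly inside the shared scripts directory."""
    return {p.name: p.read_bytes() for p in sorted(scripts_dir.glob("*.py"))}


def verify_before_import(scripts_dir: Path, lock: Mapping[str, str]) -> None:
    """Call this before adding scripts_dir to sys.path; raises on any provenance problem."""
    problems = pinned_script_problems(read_scripts(scripts_dir), lock)
    if problems:
        raise RuntimeError("refusing to import shared preprocess module: " + "; ".join(problems))


if __name__ == "__main__":
    # Constructed sample: the embedded metadata quoted in the finding versus an assumed registry entry.
    package_meta = {"ownerId": "kn76wejkeqxfc03j0rfxp2jaj982m7aa",
                    "slug": "doctor.icd-drg.surgery-sufficiency-review", "publishedAt": 0}
    registry_meta = {"ownerId": "registry-owner-id-constructed",
                     "slug": "unisound-surgery-sufficiency-review", "publishedAt": 1700000000}
    for line in metadata_mismatches(package_meta, registry_meta):
        print("metadata:", line)

    # Constructed preprocess.py contents: pin it, then show what tampering and an extra file produce.
    reviewed = b"def load_input_artifact(path):\n    return path\n"
    lock = {"preprocess.py": sha256_hex(reviewed)}
    print("clean:", pinned_script_problems({"preprocess.py": reviewed}, lock))
    print("tampered:", pinned_script_problems({"preprocess.py": reviewed + b"# changed\n"}, lock))
    print("unpinned extra:", pinned_script_problems({"preprocess.py": reviewed, "extra.py": b""}, lock))
```

The lock mapping belongs in the skill package itself so that the reviewed artifact and the digests it trusts ship together; regenerate it only after the shared module has been re-reviewed for persistence and network behaviour.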
