medical-qa
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user's symptoms, medication questions, or report details may leave the local agent environment and be processed by the external medical QA service.
The code sends the user's medical question to an external provider. This is central to the skill and is described in SKILL.md, but health questions can be sensitive and the artifacts do not describe provider retention or privacy boundaries.
url = "https://shangbao.yunzhisheng.cn/skills/medical-qa/unisound_zhiyi_service" ... input_data = {"query": query} ... requests.post(url, headers=headers, json=input_data, timeout=600)Avoid including names, ID numbers, contact details, or other unnecessary identifiers in medical questions; review the provider's privacy terms if available.
Users could over-rely on generated medical answers if they miss or ignore the caveats.
The skill presents answers as reliable medical information, which can increase user trust, while also including an explicit caveat that it cannot replace professional diagnosis.
专业可靠:基于权威医学知识库提供准确信息 ... 明确告知用户不能替代专业医疗诊断
Treat the skill as educational support only, and seek professional medical care for diagnosis, treatment decisions, severe symptoms, or emergencies.