ClawHub

ECG-AI-Diagnosis

v0.9.1

Analyze ECG signals via heartvoice (心之声) API — single-lead and 12-lead. Automatically selects endpoint based on user intent and responds in the user's langua...

2· 81·0 current·1 all-time
by@yujiecharles
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (ECG analysis via heartvoice) match the files and runtime behavior. The only required secret is HEARTVOICE_API_KEY and the script calls heartvoice API endpoints (api.heartvoice.com.cn) — this is expected for the declared purpose.
Instruction Scope
SKILL.md instructs the agent to read a user-provided local JSON file, detect lead type/language, and run scripts/call_api.py which POSTs the JSON to heartvoice over HTTPS. This is coherent but important: the agent will read local files and transmit potentially sensitive medical data to an external service. The README explicitly notes this data flow.
Install Mechanism
No install spec in registry; the only dependency is the widely used 'requests' Python package listed in requirements.txt. There are no downloads from unknown URLs or archives to extract.
Credentials
Only HEARTVOICE_API_KEY is required and declared as the primary credential. SKILL.md and code only read that env var and user-specified JSON files; there are no unrelated credentials or config paths requested.
Persistence & Privilege
The skill is not always-enabled (always:false) and does not request elevated or persistent system privileges. It does not modify other skills or system configs.
Assessment
This skill is internally consistent: it reads a local ECG JSON file and sends that data (and only that data) to heartvoice's cloud API using the HEARTVOICE_API_KEY. Before installing or using it: - Treat ECG JSON as sensitive health data (PHI). Obtain patient consent and follow applicable laws (HIPAA, GDPR, local medical regulation). - Verify the vendor (https://www.heartvoice.com.cn/aiCloud), review their privacy/processing policies, and confirm TLS endpoints and data retention policies. - Keep HEARTVOICE_API_KEY secret (use env vars, do not paste into chat). Rotate and scope the key if the vendor supports it. - Test first with synthetic or anonymized example data rather than real patient data. - Limit file sizes and confirm the 5 MB client-side check is acceptable for your devices; review any additional logging/telemetry you may have in your environment. - If you require on-prem or non-cloud processing for compliance, do not use this skill. Confidence is high that the package does what it claims; the primary residual risk is privacy/regulatory (sensitive data sent to an external cloud), not covert or unrelated code behavior.

Like a lobster shell, security has layers — review code before you run it.

latestvk977j3zrvnp5p3s4n11nxvfr0983zzny

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Clawdis
EnvHEARTVOICE_API_KEY
Primary envHEARTVOICE_API_KEY

Comments