📦 Doctor Workbench Assistant — 医生工作台
v0.1.0一键整理患者信息、时间线、检验趋势与待办,自动生成随访草稿,为医生提供即时决策支持。
0· 87·0 当前·0 累计
by 下载技能包
最后更新
2026/3/27
安全扫描
OpenClaw
可疑
high confidenceThe skill's described purpose (summarize patient data and generate follow-up tasks) is plausible, but the runtime instructions access a local file path and call a local reporting endpoint without declaring those resources or describing PHI safeguards — this mismatch is concerning.
评估建议
Before installing, confirm where the skill will read patient data and where it will send reports. The SKILL.md hardcodes /home/ubuntu/workspace/demo/mock_data/doctor_demo.json and posts to http://localhost:5001 but the skill metadata does not declare these paths/endpoints. Ask the publisher to (1) declare required config paths or environment variables for the data file and reporting endpoint, (2) explain and enforce de-identification and logging/consent controls for PHI, and (3) provide a config...详细分析 ▾
⚠ 用途与能力
The skill claims to summarize patient records and generate follow-up tasks, which legitimately requires reading patient data. However, the SKILL.md hardcodes a specific filesystem path (/home/ubuntu/workspace/demo/mock_data/doctor_demo.json) and localhost reporting endpoint (http://localhost:5001) while the skill metadata declares no required config paths, endpoints, or credentials. The metadata and instructions are not aligned.
⚠ 指令范围
Runtime instructions instruct the agent to: 1) POST status messages to localhost:5001, and 2) read a local JSON file containing patient data and present de-identified info. These steps access potentially sensitive PHI and an external (local) endpoint. The SKILL.md does not define how de-identification is performed, how to validate the file, nor any limits on what else may be read; it also lacks guidance about consent, logging, or secure handling.
✓ 安装机制
This is an instruction-only skill with no install spec or bundled code, so no files are written or third-party packages installed by the skill itself.
⚠ 凭证需求
The skill requests no environment variables or credentials, yet its instructions require filesystem access to a specific path and the ability to call a local HTTP service. Those resource requirements are not declared; reading patient data is sensitive and should be justified and scoped via explicit config (e.g., declared config paths or env vars for data location and report endpoint).
✓ 持久化与权限
The skill is not always-enabled and does not request elevated persistence. It is user-invocable and can run autonomously per platform defaults — not itself a red flag, but combine with the other concerns about data access.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv0.1.02026/3/27
initial publish
● 无害
安装命令
点击复制官方npx clawhub@latest install agentic-doctor-assistant
镜像加速npx clawhub@latest install agentic-doctor-assistant --registry https://cn.longxiaskill.com