📦 Medical Report Query — 技能工具
v1.0.0醫療報表查詢技能 - Oracle/SQLServer醫療資料庫報表查詢與分析。適用於診所、社區醫院的日常營運報表需求。觸發詞:報表、查詢、門診、住院、藥品、醫保、統計。
0· 27·0 当前·0 累计
by 安全扫描
OpenClaw
可疑
medium confidenceThe skill claims to perform Oracle/ERP database report queries but provides no connection/credential requirements or concrete runtime steps, which is incoherent and could lead to unexpected access patterns or data exposure.
评估建议
This skill's purpose (querying medical databases) normally requires explicit connection details, credentials, and strong safeguards for protected health information (PHI). Before installing or enabling it: 1) Ask the author how DB connections are provided and insist they document required env vars (DB_HOST, DB_PORT, DB_NAME, DB_USER, DB_PASSWORD or an approved secret-store integration). 2) Require the skill to declare the least-privilege accounts it needs and to avoid storing credentials in plai...详细分析 ▾
⚠ 用途与能力
The skill's purpose is to query Oracle/SQLServer (and an 'ERP 庫 LXls') databases and produce medical reports. However, there are no declared environment variables, credentials, connectors, or instructions for how the agent should connect to those databases. A DB-reporting skill would normally require connection strings, DB credentials, or at least a clearly documented integration mechanism.
ℹ 指令范围
SKILL.md is high-level and describes report types and example prompts but contains no concrete runtime instructions for making database connections, forming or validating SQL, or enforcing safe handling of PHI/PII. It does warn that sensitive data must be de-identified, but gives no mandated procedure. The instructions are vague, leaving broad discretion to the agent (e.g., how to build/execute queries and where to run them).
✓ 安装机制
No install spec and no code files are present (instruction-only). This minimizes supply-chain risk because nothing will be downloaded or written to disk by the skill itself.
⚠ 凭证需求
No environment variables, primary credential, or config paths are declared despite the skill's need to access databases containing sensitive medical data. The absence of declared credentials is unexpected and makes it unclear how sensitive connections/credentials would be supplied or protected, which is disproportionate for a DB-reporting capability.
✓ 持久化与权限
The skill is not always-enabled and does not request persistent or elevated platform privileges. Autonomous invocation is allowed by default (normal) but is not combined with other privilege escalations.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/4/16
Initial release: Medical report query skill for clinics and community hospitals
● 无害
安装命令
点击复制官方npx clawhub@latest install medical-report-query
镜像加速npx clawhub@latest install medical-report-query --registry https://cn.longxiaskill.com镜像同步中
技能文档
醫療報表智能查詢技能,專為診所和社區醫院設計。
功能
1. 門診報表
- 會員註冊統計
- 醫生工作量統計
- 收費明細查詢
- 科室收入分析
2. 住院報表
- 住院人數統計
- 床位使用率分析
- 出院結算查詢
- 費用結構分析
3. 藥品報表
- 藥品庫存查詢
- 藥品消耗統計
- 採購訂單追踪
- 效期预警
4. 醫保報表
- 醫保結算對帳
- 統籌基金統計
- 自付比例分析
使用方式
門診統計:
查詢本月門診人數統計
藥品庫存:
查詢某藥品的庫存情況
醫保對帳:
生成本月醫保結算對帳單
支援資料庫
- HIS庫:Oracle - 門診/住院/醫保/藥品
- ERP庫:LXls - 會員/績效/庫存
注意事項
- 報表僅供參考,具體數字需與系統核對
- 敏感資料需進行脫敏處理
- 報表格式可自訂(Markdown/Excel/HTML)