← Back to Skills Marketplace
dddwinter

Generic Drug

by DDDWinter · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
89
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install generic-drug
Description
查询药品名称对应的通用名,若无结果则返回原名称,基于本地 SearXNG 搜索结果智能分析识别。
README (SKILL.md)

generic_drug 技能

描述

通过搜索查询药品的通用名。当用户提供药品名称时,尝试查询其通用名。

功能

  • 接受药品名称作为参数
  • 使用 SearXNG 本地搜索服务进行查询
  • 搜索该药品的通用名信息
  • 如果查不到通用名,则默认该名称本身就是通用名

使用方法

# 查询药品通用名
~/.openclaw/workspace/skills/generic_drug/tool.sh \x3C药品名称>

# 示例
~/.openclaw/workspace/skills/generic_drug/tool.sh 乳膏基质一号
~/.openclaw/workspace/skills/generic_drug/tool.sh 头孢克洛胶囊

查询逻辑

  1. 使用 SearXNG 搜索:\x3C药品名称> 药品通用名
  2. 返回原始搜索结果,由当前会话(LLM)智能分析:
    • LLM 基于完整上下文判断通用名
    • 能理解"一般指"、"又称"、"俗称"等多种表述
    • 能区分药品和辅料
    • 能处理复杂情况

返回格式

脚本返回 JSON 格式(包含原始搜索结果):

{
  "drug_name": "药品原始名称",
  "search_count": 搜索结果数量,
  "search_context": "格式化后的搜索结果摘要",
  "note": "需要 LLM 分析"
}

LLM 最终输出格式

{
  "drug_name": "药品原始名称",
  "generic_name": "智能识别的通用名",
  "found": true/false,
  "type": "非药品(可选)",
  "note": "LLM 智能识别/未找到/非药品"
}

配置

  • SearXNG URL: http://localhost:8080
  • 搜索格式: \x3Cquery> 药品通用名
  • 分析方式: 由当前会话 LLM 智能分析搜索结果上下文

注意事项

  • 药品名称应该准确输入
  • 对于非药品(如辅料、基质),可能查不到通用名,将返回原名称
  • SearXNG 服务需要正常运行

示例

# 查询"乳膏基质一号"
$ generic_drug 乳膏基质一号
{
  "drug_name": "乳膏基质一号",
  "generic_name": "乳膏基质一号",
  "found": true,
  "note": "未找到其他通用名,原名称即为通用名"
}

# 查询"头孢克洛胶囊"
$ generic_drug 头孢克洛胶囊
{
  "drug_name": "头孢克洛胶囊",
  "generic_name": "头孢克洛",
  "found": true,
  "note": "查得通用名为:头孢克洛"
}
Usage Guidance
主要关注点: 1) 此技能期望本地运行 SearXNG(http://localhost:8080),仅在可信的本地搜索服务可用时才有意义。确认该服务安全且可访问。 2) tool.sh 实际依赖 curl 和 jq(README 还误提到 python3),但技能元数据未声明这些依赖——在部署前确保系统安装 curl 和 jq,或让技能作者更新元数据。 3) 输入/输出安全:脚本仅把空格替换为 %20,未进行完整 URL 编码;也未对输出做 JSON 转义。攻击者构造的特殊药品名称(包含 &、"、换行等)可能导致查询参数注入或生成无效/可被利用的 JSON。建议在安装前修复脚本,使用正确的 URL 编码(如 printf '%s' "$VAR" | jq -s -R -r @uri 或使用 urlencode 函数)并使用 jq/python 等库安全地构造 JSON。 4) 由于脚本输出包含供 LLM 使用的提示,确认 LLM 环境不会将这些提示与敏感上下文混用。 5) 如果你不打算审查/修复脚本,建议不要运行在含敏感本地服务的环境中;若仅用于个人离线查询且信任本地 SearXNG,则风险较低。
Capability Analysis
Type: OpenClaw Skill Name: generic-drug Version: 1.0.0 The skill contains a shell injection vulnerability in `tool.sh` where the `$DRUG_NAME` input is used within a subshell command (`$(echo ...)`) without sanitization, allowing for arbitrary command execution if a malicious drug name is provided. While the script's intended purpose of querying a local SearXNG instance (http://localhost:8080) appears legitimate, the insecure handling of user input poses a significant security risk.
Capability Assessment
Purpose & Capability
技能声明通过本地 SearXNG 查询药品通用名,实际也仅请求本地 SearXNG 服务,目的与能力总体一致。但元数据声明“无需二进制/环境变量”,而脚本实际依赖 curl 和 jq(README 还提到 python3),出现不一致,应在元数据中声明这些依赖。
Instruction Scope
tool.sh 会将検索结果格式化并把原始摘要与一个供 LLM 使用的提示一起打印,LLM 负责最终识别。脚本对传入的药品名称仅用简单的空格替换为 %20(sed 's/ /%20/g'),未做完整 URL 编码,且在构造 JSON 输出时未对搜索上下文或名称做 JSON 转义,可能导致生成畸形 JSON 或通过特殊字符干扰查询参数(例如注入额外的查询参数)。这是输入编码与输出转义不足的实际安全/可靠性问题。
Install Mechanism
无安装规范(instruction-only + 提供脚本),不会自动把外部可执行档下载到系统,风险较低。但因脚本存在,用户需要手动确保运行环境与依赖。
Credentials
技能不请求任何环境变量或外部凭据,也不访问系统配置路径,所需权限与功能匹配。唯一外部依赖是本地 SearXNG HTTP 服务(http://localhost:8080/search),这是技能说明中明确的。
Persistence & Privilege
没有设置 always:true 或其他在每次代理运行中强制启用的特权;技能不会修改其他技能或系统级配置,权限范围有限。
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install generic-drug
  3. After installation, invoke the skill by name or use /generic-drug
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of the generic_drug skill: - Supports querying the generic name of a drug based on user-provided product names. - Uses a local SearXNG search service to find generic name information. - Returns original search results and lets the LLM analyze context for intelligent generic name extraction. - If no generic name is found, returns the original name as the generic name by default. - Outputs results in a structured JSON format for easy interpretation. - Handles drug names, excipients, and complex naming situations intelligently.
Metadata
Slug generic-drug
Version 1.0.0
License MIT-0
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is Generic Drug?

查询药品名称对应的通用名,若无结果则返回原名称,基于本地 SearXNG 搜索结果智能分析识别。 It is an AI Agent Skill for Claude Code / OpenClaw, with 89 downloads so far.

How do I install Generic Drug?

Run "/install generic-drug" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Generic Drug free?

Yes, Generic Drug is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Generic Drug support?

Generic Drug is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Generic Drug?

It is built and maintained by DDDWinter (@dddwinter); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments