
MedCrypt: End-to-End Encryption for Medical Messaging

by CryptoReuMD · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
118 Downloads · 0 Stars · 0 Active Installs · 1 Versions
Install in OpenClaw
/install medcrypt
Description
Encrypts medical data client-side with AES-256-GCM for secure messaging on Telegram/WhatsApp, ensuring HIPAA, GDPR, and LFPDPPP compliance.
Usage Guidance
What to consider before installing/using this skill:
- Functional expectations: The package supplies local encryption primitives and a wire format, but it does NOT include Telegram/WhatsApp integration, QR-code generation/parsing, or automated transport. If you expect an out-of-the-box messaging integration, this is not it.
- Incomplete / buggy implementation: The provided medcrypt.py excerpt contains issues you should resolve before trusting it in production (for example, use of datetime.UTC, which is not a standard attribute in Python's datetime module, and the file appears truncated around the share-recovery function). Test the script in an isolated environment first.
- Provenance and compliance claims: The source and homepage are unknown. Legal claims like 'HIPAA/GDPR compliant' cannot be verified from the code alone—compliance depends on deployment, operational controls, and organizational practices. Do not rely on this claim without legal/security review.
- Cryptography review: While primitives appear sensible (AES-GCM, PBKDF2, CSPRNG), cryptographic correctness and side-channel/security details matter (deterministic salt derivation from the secret, iteration count impact, correct zeroization semantics, correctness of the Shamir implementation). If you plan to use this for real patient data, have a qualified crypto/security engineer review the full code or prefer well-vetted libraries/protocols.
- No network exfiltration detected in the provided excerpt, but verify the rest of the file: ensure no hidden endpoints, logging to disk, or secret exfiltration is present before running with real data.
- Operational recommendations: run the script in an isolated environment, perform a code review (complete file), add explicit tests for key exchange and recovery, and do not use for protected health information in production until reviewed and integrated with a secure transport layer and audited operational procedures.
Capability Analysis
Type: OpenClaw Skill
Name: medcrypt
Version: 1.0.0

The MedCrypt skill bundle is a well-implemented cryptographic utility for medical data encryption using AES-256-GCM and PBKDF2. The code in medcrypt.py follows security best practices, including constant-time comparisons, memory zeroization, and Shamir's Secret Sharing for emergency recovery, with no evidence of data exfiltration, malicious execution, or prompt injection.
Capability Assessment
Purpose & Capability
The description claims end-to-end encryption for messaging on Telegram/WhatsApp and regulatory compliance. The included medcrypt.py implements AES-256-GCM encryption, PBKDF2 key derivation, key rotation, an audit-log abstraction, and Shamir sharing — all consistent with client-side encryption. However, there is no code that integrates with Telegram or WhatsApp, no QR-code generation/parsing code in the package, and no code that implements the stated 'encrypted transport' or compliance controls. The skill appears to provide crypto primitives rather than a full messaging integration.
Instruction Scope
SKILL.md simply instructs: 'pip install cryptography' and 'python medcrypt.py' and describes protocol/operational rules (QR PBKDF2, wire format, key rotation). The instructions are vague and over-broad: they reference QR-code-based key exchange and sending via Telegram/WhatsApp but do not provide code or commands to perform those actions. The medcrypt.py file shown performs local crypto and an in-memory encrypted audit log, but the SKILL.md asks users to 'review these carefully' and lacks operational details (how to supply secrets, how to persist logs, CLI/IO). The runtime instructions therefore give the agent broad discretion without concrete, safe steps.
Install Mechanism
No install spec in the registry; SKILL.md recommends 'pip install cryptography' before running the included Python script. This is a low-risk, standard dependency installation from PyPI. There are no downloads from unknown URLs or archive extraction steps in the metadata.
Credentials
The skill declares no required environment variables, credentials, or config paths. The code excerpt does not reference environment secrets or external credentials. This is proportionate to the provided functionality (local crypto primitives).
Persistence & Privilege
The skill is not always-enabled and does not request elevated privileges. The included audit log implementation stores entries in-memory (self.entries) in the shown code; no evidence in the provided excerpt of writing system-wide configuration, other skill settings, or network exfiltration. That said, persistence and transport behavior depends on the rest of the (truncated) file and how users run the script.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install medcrypt
  3. After installation, invoke the skill by name or use /medcrypt
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
**Initial release of MedCrypt: End-to-End Encryption for Medical Messaging**
- Encrypts patient data (labs, images, clinical notes) using AES-256-GCM before sending over messaging apps.
- Ensures compliance with HIPAA, LFPDPPP, and GDPR standards.
- Exchange keys via QR code using PBKDF2-derived shared secrets.
- Implements regular key rotation (monthly) with 7-day backward compatibility.
- Emergency access via 2-of-3 multisig "break-glass" protocol.
- Designed to mitigate risks from compromised servers, devices, group members, and subpoenas through client-side encryption and crypto-shredding.
Metadata
Slug medcrypt
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is MedCrypt: End-to-End Encryption for Medical Messaging?

Encrypts medical data client-side with AES-256-GCM for secure messaging on Telegram/WhatsApp, ensuring HIPAA, GDPR, and LFPDPPP compliance. It is an AI Agent Skill for Claude Code / OpenClaw, with 118 downloads so far.

How do I install MedCrypt: End-to-End Encryption for Medical Messaging?

Run "/install medcrypt" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is MedCrypt: End-to-End Encryption for Medical Messaging free?

Yes, MedCrypt: End-to-End Encryption for Medical Messaging is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does MedCrypt: End-to-End Encryption for Medical Messaging support?

MedCrypt: End-to-End Encryption for Medical Messaging is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created MedCrypt: End-to-End Encryption for Medical Messaging?

It is built and maintained by CryptoReuMD (@cryptoreumd); the current version is v1.0.0.
