Downloads: 85
Stars: 0
Active Installs: 1
Versions: 1
Install in OpenClaw
/install 216medsearch
Description
Fuzzy-searches drug names through an internal API and returns the generic name; supports exact or fuzzy matching.
README (SKILL.md)
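216medsearch Skill
Description
Looks up a drug's generic name through an internal API. Use this skill when the user asks for the generic name of a drug.
Features
- Accepts a drug name as its argument
- Performs a fuzzy query through the http://10.1.23.216:8280/rest/schema/med/query API
- Returns the result as JSON and determines whether the drug's generic name was found
- Supports fuzzy queries (using the name## condition)
Usage
# Look up a drug's generic name
openclaw exec 216medsearch 环吡酮搽剂
API Parameters
- condition: name##'药品名称' - fuzzy query by drug name (药品名称 stands for the drug name)
- propNames: name - query the name field
Return Format
Returns JSON data containing:
- Whether the query succeeded
- Drug information (including the generic name)
- Error information (if the query failed)
Notes
- The drug name should be accurate, although fuzzy queries are supported
- If the drug name is wrong or does not exist, the API returns an empty result
- The API token is built into the tool; there is no need to supply one
Example
# Look up the generic name of 环吡酮搽剂
216medsearch 环吡酮搽剂
# Example response:
{
  "success": true,
  "data": [
    {
      "name": "环吡酮搽剂",
      "genericName": "环吡酮胺",
      ...
    }
  ]
}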
Usage Guidance
This skill appears functionally correct for querying an internal drug-info API, but it embeds a hard-coded API token in tool.sh. That token is sensitive: if the skill bundle is shared, uploaded, or run in an environment you don't fully control, the token could be exposed or abused. Before installing: (1) ask the provider to remove the token and instead require you to supply a token via an environment variable or a secure secret store; (2) if removing the token isn't possible, treat the token as compromised and rotate it on the API side; (3) only run the skill on hosts that have network access to 10.1.23.216 and are trusted; (4) verify the token's scope/expiry with your API admin and ensure least privilege; (5) consider auditing access logs for the internal API after first use. If you cannot confirm safe handling of the embedded token, avoid installing or sharing this skill.
Capability Analysis
Type: OpenClaw Skill
Name: 216medsearch
Version: 1.0.0
The skill contains a hardcoded API token (JWT) and targets an internal private IP address (10.1.23.216) in tool.sh, which exposes internal infrastructure credentials. Additionally, the script lacks input sanitization for the medicine name parameter, which is directly interpolated into the curl POST data, creating a risk of parameter injection. These are significant security vulnerabilities, though they appear to be unintentional flaws rather than active malware.
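A hardened way to build this request, as an added example that is not the skill's tool.sh: the token comes from the environment instead of the script, and the drug name is validated before it reaches the condition field. The variable name MEDSEARCH_API_TOKEN, the Authorization header and the form-encoded fields are assumptions, since the page does not show how tool.sh sends them.

```shell
#!/bin/sh
# Added example: hardened request builder. Not the skill's tool.sh.
# Assumptions (not on the page): the env var name MEDSEARCH_API_TOKEN, the
# Authorization header, and form-encoded POST fields.

API_URL="http://10.1.23.216:8280/rest/schema/med/query"

# Reject names that could alter the condition expression or the POST body.
validate_med_name() {
    name=$1
    nl='
'
    [ -n "$name" ] || return 1
    [ "${#name}" -le 100 ] || return 1
    case $name in
        *"'"*|*'"'*|*'#'*|*'&'*|*'='*|*'\'*|*"$nl"*) return 1 ;;
    esac
    return 0
}

# Build the condition value documented in the README: name##'<drug name>'
build_condition() {
    validate_med_name "$1" || return 1
    printf "name##'%s'" "$1"
}

# Fail closed when the environment supplies no token.
require_token() {
    [ -n "${MEDSEARCH_API_TOKEN:-}" ]
}

med_query() {
    require_token || { echo "MEDSEARCH_API_TOKEN is not set" >&2; return 2; }
    cond=$(build_condition "$1") || { echo "invalid drug name" >&2; return 3; }
    # --data-urlencode encodes each value, so the name cannot add fields.
    curl --silent --fail --max-time 10 \
        -H "Authorization: Bearer ${MEDSEARCH_API_TOKEN}" \
        --data-urlencode "condition=${cond}" \
        --data-urlencode "propNames=name" \
        "$API_URL"
}
```

With this layout the bundle carries no credential, so sharing or backing up the skill does not leak one, and rotation only touches the secret store that sets the variable.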
Capability Assessment
Purpose & Capability
Name/description align with implementation: the script issues a POST to http://10.1.23.216:8280/rest/schema/med/query to perform fuzzy name lookup and return JSON. No unrelated services, binaries, or config paths are requested.
Instruction Scope
SKILL.md and tool.sh confine actions to the stated API call and JSON formatting. The instructions do not read other system files or environment variables. However, SKILL.md explicitly states the API token is built into the tool and the script uses that token on every request — this is an important scope/privilege detail to be aware of.
Install Mechanism
There is no install spec (instruction-only plus a small shell script). No packages are downloaded or extracted; risk from installation mechanism is low.
Credentials
The skill requires no environment variables but contains a hard-coded API token (a JWT-like string) embedded in tool.sh. Shipping credentials inside the skill is disproportionate: if the skill bundle is shared, backed up, or stored in a repo, that token can be leaked and abused. Also the endpoint is an internal IP (10.1.23.216) so the skill will only work when the agent has access to that network — running this outside the intended network could expose the token to unintended contexts.
Persistence & Privilege
always:false and no declarations of modifying other skills or system-wide config. The skill does not request persistent or elevated platform privileges.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install 216medsearch
- After installation, invoke the skill by name or use /216medsearch
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
216medsearch v1.0.0
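- New skill released: looks up a drug's generic name through an internal API
- Supports fuzzy queries on drug names and returns the query result as JSON data
- Returns error information when a query fails
- No need to supply an API token manually; it is built in
- Provides detailed usage instructions and a return-format example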
Frequently Asked Questions
What is 216medsearch?
It fuzzy-searches drug names through an internal API and returns the generic name, with exact or fuzzy matching. It is an AI Agent Skill for Claude Code / OpenClaw, with 85 downloads so far.
How do I install 216medsearch?
Run "/install 216medsearch" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is 216medsearch free?
Yes, 216medsearch is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does 216medsearch support?
216medsearch is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created 216medsearch?
It is built and maintained by DDDWinter (@dddwinter); the current version is v1.0.0.