- Downloads: 1035
- Stars: 0
- Active Installs: 0
- Versions: 3
Install in OpenClaw
/install mentx-doctor
Description
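Based on the medical question asked, uploads medical images and text (physical signs, endoscopy images, X-ray, CT, MRI, ultrasound, ECG, various test reports, etc.) through the API to obtain professional medical decision-support reports.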
Usage Guidance
This skill appears to do what it says (send text/images to Mentx API and return a report) but has two important red flags: (1) the registry metadata fails to declare the required MENTX_API_KEY even though SKILL.md and scripts require it — confirm where that key comes from and whether you trust the developer and key handling; (2) the skill uploads medical images/reports (sensitive personal health information) to an external host (developer.mentx.com). Before installing, verify the vendor/domain and their privacy/retention policy, ensure you have user consent to transmit PHI, avoid putting a long-lived production API key in global shell startup files (use limited-scope or ephemeral keys), and consider testing with non-sensitive data first. If you cannot verify the service's identity and data handling, do not provide real patient data or your primary API key.
Capability Analysis
Type: OpenClaw Skill
Name: mentx-doctor
Version: 2.0.0
The skill bundle contains a critical shell injection vulnerability in `scripts/mentx-api.sh`. User-supplied medical descriptions and messages are passed as command-line arguments and expanded within a shell heredoc without sanitization, allowing for arbitrary command execution (RCE) on the host system. While the script's logic and the instructions in `SKILL.md` appear aligned with the stated purpose of medical reporting via `developer.mentx.com`, the implementation is dangerously insecure and allows for potential exploitation by a user providing crafted input.
Capability Assessment
Purpose & Capability
The SKILL.md and scripts clearly require an API key (MENTX_API_KEY) to call developer.mentx.com, but the registry metadata lists no required environment variables/primary credential. That mismatch is significant: a skill described as 'instruction-only' / no envs in registry in fact needs a secret to function. Also SKILL.md claims Version 1.0.0 while registry shows 2.0.0 — metadata inconsistencies reduce trust.
Instruction Scope
Instructions stay within the stated purpose (immediate empathic reply, then asynchronously upload text/images to Mentx API and poll for a report). However the runtime behavior involves uploading user-supplied medical images/reports (PHI) to https://developer.mentx.com, storing responses temporarily in /tmp, and running background curl jobs. Those are coherent with the purpose but have privacy and data-handling implications that are not addressed in the skill (no explicit consent, retention, or privacy policy text included).
Install Mechanism
There is no install spec (instruction-only), which is low risk, but the repository includes an executable shell script (scripts/mentx-api.sh) that the agent will call at runtime. That means code will run on the host when invoked even though nothing is declared to be installed—this is expected but worth noting.
Credentials
The skill requires an API key (MENTX_API_KEY) to contact the external Mentx API, which is appropriate for a third‑party service. The problem is the registry metadata did not declare this required credential. Requiring a secret without declaring it is an incoherence and a user-safety concern. No other unrelated credentials are requested.
Persistence & Privilege
The skill does not request always:true or other elevated platform privileges. It runs short-lived background tasks and writes temporary files to /tmp only. It does not modify other skills or system-wide agent settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: `/install mentx-doctor`
- After installation, invoke the skill by name or use `/mentx-doctor`
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.0.0
Added an asynchronous task flow; emotional companionship can be provided while waiting, with support for polling checks.
v1.0.1
- No code or functional changes in this version.
- Documentation and metadata updates only.
v1.0.0
- Initial release providing AI-powered healthcare decision support based on user-uploaded images (like X-rays, CT, reports) and text descriptions.
- Integrates with Mentx API for file upload and medical report generation.
- Supports both image+text and text-only medical question inputs.
- Adds privacy protection, mandatory medical disclaimer, and emergency detection prompts.
- Chinese mainland user access only; requires MENTX_API_KEY.
- Limits: up to 10 images per session, no real-time video diagnosis, typical report in 10–30 seconds.
Frequently Asked Questions
What is Mentx Doctor 医疗助手?
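Based on the medical question asked, it uploads medical images and text (physical signs, endoscopy images, X-ray, CT, MRI, ultrasound, ECG, various test reports, etc.) through the API to obtain professional medical decision-support reports. It is an AI Agent Skill for Claude Code / OpenClaw, with 1035 downloads so far.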
How do I install Mentx Doctor 医疗助手?
Run "/install mentx-doctor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Mentx Doctor 医疗助手 free?
Yes, Mentx Doctor 医疗助手 is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Mentx Doctor 医疗助手 support?
Mentx Doctor 医疗助手 is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Mentx Doctor 医疗助手?
It is built and maintained by Mentx.com (@dj801117); the current version is v2.0.0.