MedCrypt: End-to-End Encryption for Medical Messaging
Author: CryptoReuMD · GitHub · v1.0.0 · MIT-0
Total downloads: 118
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install medcrypt
Description
Encrypts medical data client-side with AES-256-GCM for secure messaging on Telegram/WhatsApp, ensuring HIPAA, GDPR, and LFPDPPP compliance.
Safe-use recommendations
What to consider before installing/using this skill:
- Functional expectations: The package supplies local encryption primitives and a wire format, but it does NOT include Telegram/WhatsApp integration, QR-code generation/parsing, or automated transport. If you expect an out-of-the-box messaging integration, this is not it.
- Incomplete / buggy implementation: The provided medcrypt.py excerpt contains issues you should resolve before trusting it in production (for example, use of datetime.UTC, which is not a standard attribute in Python's datetime module, and the file appears truncated around the share-recovery function). Test the script in an isolated environment first.
- Provenance and compliance claims: The source and homepage are unknown. Legal claims like 'HIPAA/GDPR compliant' cannot be verified from the code alone—compliance depends on deployment, operational controls, and organizational practices. Do not rely on this claim without legal/security review.
- Cryptography review: While primitives appear sensible (AES-GCM, PBKDF2, CSPRNG), cryptographic correctness and side-channel/security details matter (deterministic salt derivation from the secret, iteration count impact, correct zeroization semantics, correctness of the Shamir implementation). If you plan to use this for real patient data, have a qualified crypto/security engineer review the full code or prefer well-vetted libraries/protocols.
- No network exfiltration detected in the provided excerpt, but verify the rest of the file: ensure no hidden endpoints, logging to disk, or secret exfiltration is present before running with real data.
- Operational recommendations: run the script in an isolated environment, perform a code review (complete file), add explicit tests for key exchange and recovery, and do not use for protected health information in production until reviewed and integrated with a secure transport layer and audited operational procedures.
Functional analysis
Type: OpenClaw Skill
Name: medcrypt
Version: 1.0.0
The MedCrypt skill bundle is a well-implemented cryptographic utility for medical data encryption using AES-256-GCM and PBKDF2. The code in medcrypt.py follows security best practices, including constant-time comparisons, memory zeroization, and Shamir's Secret Sharing for emergency recovery, with no evidence of data exfiltration, malicious execution, or prompt injection.
Capability assessment
Purpose & Capability
The description claims end-to-end encryption for messaging on Telegram/WhatsApp and regulatory compliance. The included medcrypt.py implements AES-256-GCM encryption, PBKDF2 key derivation, key rotation, an audit-log abstraction, and Shamir sharing — all consistent with client-side encryption. However, there is no code that integrates with Telegram or WhatsApp, no QR-code generation/parsing code in the package, and no code that implements the stated 'encrypted transport' or compliance controls. The skill appears to provide crypto primitives rather than a full messaging integration.
Instruction Scope
SKILL.md simply instructs: 'pip install cryptography' and 'python medcrypt.py' and describes protocol/operational rules (QR PBKDF2, wire format, key rotation). The instructions are vague and over-broad: they reference QR-code-based key exchange and sending via Telegram/WhatsApp but do not provide code or commands to perform those actions. The medcrypt.py file shown performs local crypto and an in-memory encrypted audit log, but the SKILL.md asks users to 'review these carefully' and lacks operational details (how to supply secrets, how to persist logs, CLI/IO). The runtime instructions therefore give the agent broad discretion without concrete, safe steps.
Install Mechanism
No install spec in the registry; SKILL.md recommends 'pip install cryptography' before running the included Python script. This is a low-risk, standard dependency installation from PyPI. There are no downloads from unknown URLs or archive extraction steps in the metadata.
Credentials
The skill declares no required environment variables, credentials, or config paths. The code excerpt does not reference environment secrets or external credentials. This is proportionate to the provided functionality (local crypto primitives).
Persistence & Privilege
The skill is not always-enabled and does not request elevated privileges. The included audit log implementation stores entries in-memory (self.entries) in the shown code; no evidence in the provided excerpt of writing system-wide configuration, other skill settings, or network exfiltration. That said, persistence and transport behavior depends on the rest of the (truncated) file and how users run the script.
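How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install medcrypt
- Once installation completes, call the Skill by name or use /medcrypt to trigger it
- Provide the required input as described in the Skill's parameter documentation to get structured output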
Version history
v1.0.0
**Initial release of MedCrypt: End-to-End Encryption for Medical Messaging**
- Encrypts patient data (labs, images, clinical notes) using AES-256-GCM before sending over messaging apps.
- Ensures compliance with HIPAA, LFPDPPP, and GDPR standards.
- Exchange keys via QR code using PBKDF2-derived shared secrets.
- Implements regular key rotation (monthly) with 7-day backward compatibility.
- Emergency access via 2-of-3 multisig "break-glass" protocol.
- Designed to mitigate risks from compromised servers, devices, group members, and subpoenas through client-side encryption and crypto-shredding.
FAQ
What is MedCrypt: End-to-End Encryption for Medical Messaging?
Encrypts medical data client-side with AES-256-GCM for secure messaging on Telegram/WhatsApp, ensuring HIPAA, GDPR, and LFPDPPP compliance. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 118 total downloads to date.
How do I install MedCrypt: End-to-End Encryption for Medical Messaging?
Run the command "/install medcrypt" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.
Is MedCrypt: End-to-End Encryption for Medical Messaging free?
Yes, MedCrypt: End-to-End Encryption for Medical Messaging is completely free, released under the MIT-0 license, and may be freely downloaded, installed, and used.
Which platforms does MedCrypt: End-to-End Encryption for Medical Messaging support?
MedCrypt: End-to-End Encryption for Medical Messaging is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed MedCrypt: End-to-End Encryption for Medical Messaging?
It is developed and maintained by CryptoReuMD (@cryptoreumd); the current version is v1.0.0.