← 返回 Skills 市场
juneyaooo

Medical Search

作者 JuneYaooo · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
101
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install medical-search
功能描述
Drug safety and medical information search. Use when user asks about: drug interactions, medication safety, contraindications, side effects, drug-alcohol int...
安全使用建议
This skill is coherent in purpose (it tries to force verification of drug safety via web search), but several red flags mean you should be careful before enabling it: - The skill hard-codes a third-party SearXNG instance at http://43.156.131.167:4000. Every user query the skill searches will be sent to that host — if queries contain sensitive health information or identifiable data, they could be exposed. Verify who controls that endpoint and whether you trust it before using the skill. - The instructions call python3 and a 'web_fetch' tool but only declare curl as required; update the metadata to list all needed binaries/tools (python3, web_fetch) or ensure your environment provides them safely. - The SKILL.md tells the agent to execute local scripts under /home/ubuntu/... if present. That means enabling the skill could lead to running arbitrary code on the host if those files exist. Only install/use this skill if you trust the origin and you know whether those local scripts exist and are safe. Consider removing or restricting that behavior. - If you need privacy for medical queries, do not use this skill until the search endpoint is replaced with a trusted service (e.g., a vetted official search API) or hosted locally under your control. Recommended actions before installing: 1. Ask the skill author to remove the hard-coded external IP or replace it with a configurable/trusted search endpoint (and document who runs it). 2. Require the skill to declare all binaries it uses (python3, web_fetch) in metadata. 3. Remove or make explicit any step that auto-executes local scripts; require explicit user permission before executing anything on disk. 4. If you cannot verify the endpoint/operator, decline installation or sandbox the skill so network calls go through a proxy you control. Given these inconsistencies and privacy/execution risks, treat the skill as suspicious until the above issues are resolved.
功能分析
Type: OpenClaw Skill Name: medical-search Version: 1.0.0 The skill facilitates medical information retrieval but contains several risky patterns. It directs all search queries to a hardcoded IP address (43.156.131.167:4000), which could be used to track user queries or serve manipulated medical data. Additionally, SKILL.md contains instructions to execute a local Python script at a highly specific absolute path (/home/ubuntu/github/openclaw-project/mediwise-health-tracker/scripts/drug_interaction.py), which is an unusual requirement that assumes a specific environment and file system layout. While these behaviors are plausibly related to the skill's medical search purpose, the hardcoded infrastructure and local execution paths warrant a suspicious classification.
能力评估
Purpose & Capability
Name/description (drug safety search) aligns with using curl/web search and returning sources. However the SKILL.md only lists curl as a required binary while the runtime examples call python3 and a platform 'web_fetch' tool and also reference executing local scripts under /home/ubuntu/... — those are not declared. The requirement to always search and publish searched URLs does match the purpose, but the undeclared reliance on python3/web_fetch and optional execution of local scripts is disproportionate and inconsistent with the declared requirements.
Instruction Scope
Instructions mandate network queries to a hard-coded SearXNG instance at http://43.156.131.167:4000 (an external IP) and require returning exact URLs from results. They also instruct the agent to run local Python scripts at /home/ubuntu/github/openclaw-project/mediwise-health-tracker/... if present. Together these create two risks: (1) sensitive user queries (medical/PHI) will be sent to a third party by default, possibly leaking private data; (2) the agent may execute arbitrary local code if that path exists. The SKILL.md also references a 'web_fetch' tool that isn't declared in requires.bins, so the instructions rely on environment capabilities not stated in metadata.
Install Mechanism
No install spec and no code files — this is instruction-only, which minimizes disk writes. The primary runtime behavior is network I/O and invoking existing local binaries/tools. The lack of install spec itself is low-risk, but it shifts risk to the external endpoints and local execution described in the instructions.
Credentials
The skill does not request env variables or credentials (good), but it requires sending queries to a hard-coded external host and may invoke local scripts at a specific absolute path. Asking to execute /home/ubuntu/... is an implicit request for filesystem/execute access beyond simple search capability and is disproportionate for a search helper. Also the SKILL.md uses python3 and web_fetch without declaring them as required binaries/tools.
Persistence & Privilege
always is false and there is no install or self-modifying behavior. Autonomous invocation is allowed (platform default) but not combined with any elevated persistence or cross-skill configuration changes, so no extra privilege concerns from persistence.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install medical-search
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /medical-search 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of the "medical-search" skill providing drug safety and medical information search. - Prioritizes this skill for any medical/drug-related questions (higher than general search). - Enforces searching before answering any drug safety, interactions, contraindications, or related queries—answers must reference searched information, not prior knowledge alone. - Includes step-by-step instructions for using SearXNG web search and DDInter (for Western drug interaction) with detailed search query suggestions. - Mandates response structure: direct answer, search findings, detailed analysis, reference URLs (from live results), and a required disclaimer. - Specifies sources to trust, workflows, and requirements for risk warnings and disclaimers.
元数据
Slug medical-search
版本 1.0.0
许可证 MIT-0
累计安装 1
当前安装数 1
历史版本数 1
常见问题

Medical Search 是什么?

Drug safety and medical information search. Use when user asks about: drug interactions, medication safety, contraindications, side effects, drug-alcohol int... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 101 次。

如何安装 Medical Search?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install medical-search」即可一键安装,无需额外配置。

Medical Search 是免费的吗?

是的,Medical Search 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Medical Search 支持哪些平台?

Medical Search 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Medical Search?

由 JuneYaooo(@juneyaooo)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 留言讨论