← 返回 Skills 市场
1035
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install mentx-doctor
功能描述
基于提出的医疗相关问题,通过 api上传医疗相关图片和文字(表征、内窥镜影像、X光、CT、MRI、超声、心电、各类检测报告等),获取专业医疗辅助决策报告支持。
安全使用建议
This skill appears to do what it says (send text/images to Mentx API and return a report) but has two important red flags: (1) the registry metadata fails to declare the required MENTX_API_KEY even though SKILL.md and scripts require it — confirm where that key comes from and whether you trust the developer and key handling; (2) the skill uploads medical images/reports (sensitive personal health information) to an external host (developer.mentx.com). Before installing, verify the vendor/domain and their privacy/retention policy, ensure you have user consent to transmit PHI, avoid putting a long-lived production API key in global shell startup files (use limited-scope or ephemeral keys), and consider testing with non-sensitive data first. If you cannot verify the service's identity and data handling, do not provide real patient data or your primary API key.
功能分析
Type: OpenClaw Skill
Name: mentx-doctor
Version: 2.0.0
The skill bundle contains a critical shell injection vulnerability in `scripts/mentx-api.sh`. User-supplied medical descriptions and messages are passed as command-line arguments and expanded within a shell heredoc without sanitization, allowing for arbitrary command execution (RCE) on the host system. While the script's logic and the instructions in `SKILL.md` appear aligned with the stated purpose of medical reporting via `developer.mentx.com`, the implementation is dangerously insecure and allows for potential exploitation by a user providing crafted input.
能力评估
Purpose & Capability
The SKILL.md and scripts clearly require an API key (MENTX_API_KEY) to call developer.mentx.com, but the registry metadata lists no required environment variables/primary credential. That mismatch is significant: a skill described as 'instruction-only' / no envs in registry in fact needs a secret to function. Also SKILL.md claims Version 1.0.0 while registry shows 2.0.0 — metadata inconsistencies reduce trust.
Instruction Scope
Instructions stay within the stated purpose (immediate empathic reply, then asynchronously upload text/images to Mentx API and poll for a report). However the runtime behavior involves uploading user-supplied medical images/reports (PHI) to https://developer.mentx.com, storing responses temporarily in /tmp, and running background curl jobs. Those are coherent with the purpose but have privacy and data-handling implications that are not addressed in the skill (no explicit consent, retention, or privacy policy text included).
Install Mechanism
There is no install spec (instruction-only), which is low risk, but the repository includes an executable shell script (scripts/mentx-api.sh) that the agent will call at runtime. That means code will run on the host when invoked even though nothing is declared to be installed—this is expected but worth noting.
Credentials
The skill requires an API key (MENTX_API_KEY) to contact the external Mentx API, which is appropriate for a third‑party service. The problem is the registry metadata did not declare this required credential. Requiring a secret without declaring it is an incoherence and a user-safety concern. No other unrelated credentials are requested.
Persistence & Privilege
The skill does not request always:true or other elevated platform privileges. It runs short-lived background tasks and writes temporary files to /tmp only. It does not modify other skills or system-wide agent settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install mentx-doctor - 安装完成后,直接呼叫该 Skill 的名称或使用
/mentx-doctor触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.0.0
新增异步任务流程,等待期间可提供情绪陪伴,支持轮询检查
v1.0.1
- No code or functional changes in this version.
- Documentation and metadata updates only.
v1.0.0
- Initial release providing AI-powered healthcare decision support based on user-uploaded images (like X-rays, CT, reports) and text descriptions.
- Integrates with Mentx API for file upload and medical report generation.
- Supports both image+text and text-only medical question inputs.
- Adds privacy protection, mandatory medical disclaimer, and emergency detection prompts.
- Chinese mainland user access only; requires MENTX_API_KEY.
- Limits: up to 10 images per session, no real-time video diagnosis, typical report in 10–30 seconds.
元数据
常见问题
Mentx Doctor 医疗助手 是什么?
基于提出的医疗相关问题,通过 api上传医疗相关图片和文字(表征、内窥镜影像、X光、CT、MRI、超声、心电、各类检测报告等),获取专业医疗辅助决策报告支持。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1035 次。
如何安装 Mentx Doctor 医疗助手?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install mentx-doctor」即可一键安装,无需额外配置。
Mentx Doctor 医疗助手 是免费的吗?
是的,Mentx Doctor 医疗助手 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Mentx Doctor 医疗助手 支持哪些平台?
Mentx Doctor 医疗助手 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Mentx Doctor 医疗助手?
由 Mentx.com(@dj801117)开发并维护,当前版本 v2.0.0。
推荐 Skills