Provides automated patient-safety evaluation for healthcare application deployments, blocking release when a risk is found.
The skill's materials show that it is essentially an open-source, prompt/test-specification style safety evaluation framework; it declares no need for keys or fixed remote endpoints, so the overall risk is low. The README contains example commands and a test workflow, but from the available material it is closer to documentation/prompt usage and shows no obvious red flags for data exfiltration or privilege overreach.
The material explicitly states that no keys or environment variables are required; there is no request for API tokens, database credentials or service accounts, so the credential-leak and misuse surface is small.
No remote endpoint is declared, and the description does not indicate that user data is sent to any external service; the existing content consists mainly of local/CI test categories and command examples, with no explicit outbound data path.
The system's objective checks mark it as prompt-only; although the README shows Jest and shell example commands, as an audit subject it reads more like documentary usage instructions, and the skill itself does not declare any ability to execute code directly on the local machine.
The material does not declare any actual permission to read or write local files, databases or system resources; although it involves test scenarios for PHI, EHR and database schemas, it does not show the skill itself requesting excessive data access.
The source is an open-source GitHub repository with very high community adoption (about 210k stars), both of which are strong positive credibility signals. The unknown license and maintenance status are a small auditability gap, but not enough on their own to raise this to high risk.
Copy the install instructions and let the AI complete the setup · Recommended for beginners
Please install the "healthcare-eval-harness" skill from askskill: 1. Download https://raw.githubusercontent.com/affaan-m/ECC/main/skills/healthcare-eval-harness/SKILL.md 2. Save it as ~/.claude/skills/healthcare-eval-harness/SKILL.md 3. After installing, reload the skills and tell me it is ready to use
Please generate a patient-safety evaluation plan for a hospital clinical decision support system deployment, covering diagnostic recommendation accuracy, PHI exposure checks, clinical workflow integrity and EHR integration compliance, and define rules under which a failure blocks the release.
An executable pre-deployment evaluation checklist, test items and release-blocking criteria.
For the latest version update of a medical consultation app, design an automated regression test suite that focuses on verifying symptom triage accuracy, the risk of sensitive patient information leakage and whether key form submission flows are broken, and give pass thresholds.
An automated test plan covering the key risk points, sample test cases and quantified acceptance thresholds.
A healthcare application deployment was blocked after failing its safety evaluation; please analyze the possible causes, classify them by CDSS accuracy, PHI exposure, clinical workflow anomalies and interface compliance issues, and suggest remediation priorities.
A problem diagnosis report organized by risk category, with clear recommendations on remediation order.
Automated verification system for healthcare application deployments. A single CRITICAL failure blocks deployment. Patient safety is non-negotiable.
Note: Examples use Jest as the reference test runner. Adapt commands for your framework (Vitest, pytest, PHPUnit, etc.) — the test categories and pass thresholds are framework-agnostic.
The eval harness runs five test categories in order. The first three (CDSS Accuracy, PHI Exposure, Data Integrity) are CRITICAL gates requiring 100% pass rate — a single failure blocks deployment. The remaining two (Clinical Workflow, Integration) are HIGH gates requiring 95%+ pass rate.
Each category maps to a Jest test path pattern. The CI pipeline runs CRITICAL gates with --bail (stop on first failure) and enforces coverage thresholds with --coverage --coverageThreshold.
1. CDSS Accuracy (CRITICAL — 100% required)
Tests all clinical decision support logic: drug interaction pairs (both directions), dose validation rules, clinical scoring vs published specs, no false negatives, no silent failures.
npx jest --testPathPattern='tests/cdss' --bail --ci --coverage
2. PHI Exposure (CRITICAL — 100% required)
Tests for protected health information leaks: API error responses, console output, URL parameters, browser storage, cross-facility isolation, unauthenticated access, service role key absence.
npx jest --testPathPattern='tests/security/phi' --bail --ci
3. Data Integrity (CRITICAL — 100% required)
Tests clinical data safety: locked encounters, audit trail entries, cascade delete protection, concurrent edit handling, no orphaned records.
npx jest --testPathPattern='tests/data-integrity' --bail --ci
4. Clinical Workflow (HIGH — 95%+ required)
Tests end-to-end flows: encounter lifecycle, template rendering, medication sets, drug/diagnosis search, prescription PDF, red flag alerts.
tmp_json=$(mktemp)
npx jest --testPathPattern='tests/clinical' --ci --json --outputFile="$tmp_json" || true
total=$(jq '.numTotalTests // 0' "$tmp_json")
passed=$(jq '.numPassedTests // 0' "$tmp_json")
if [ "$total" -eq 0 ]; then
  echo "No clinical tests found" >&2
  exit 1
fi
rate=$(echo "scale=2; $passed * 100 / $total" | bc)
echo "Clinical pass rate: ${rate}% ($passed/$total)"
5. Integration Compliance (HIGH — 95%+ required)
Tests external systems: HL7 message parsing (v2.x), FHIR validation, lab result mapping, malformed message handling.
tmp_json=$(mktemp)
npx jest --testPathPattern='tests/integration' --ci --json --outputFile="$tmp_json" || true
total=$(jq '.numTotalTests // 0' "$tmp_json")
passed=$(jq '.numPassedTests // 0' "$tmp_json")
if [ "$total" -eq 0 ]; then
  echo "No integration tests found" >&2
  exit 1
fi
rate=$(echo "scale=2; $passed * 100 / $total" | bc)
echo "Integration pass rate: ${rate}% ($passed/$total)"
| Category | Threshold | On Failure |
|---|---|---|
| CDSS Accuracy | 100% | BLOCK deployment |
| PHI Exposure | 100% | BLOCK deployment |
| Data Integrity | 100% | BLOCK deployment |
| Clinical Workflow | 95%+ | WARN, allow with review |
| Integration | 95%+ | WARN, allow with review |
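As an added example (not code from the ECC repository or the harness README), the threshold table applied to Jest --json summaries in JavaScript: CRITICAL gates stop on the first failure the way --bail does, HIGH gates below 95% only warn. The summary objects are constructed samples, and names such as runSafetyGate are my own.

```javascript
// Added example, not part of the ECC healthcare-eval-harness. Applies the
// gate table (category, threshold, on-failure action) to Jest --json
// summaries. The summaries below are constructed samples shaped like the
// numTotalTests / numPassedTests fields of Jest's --json output.
const GATES = [
  { name: 'CDSS Accuracy',     severity: 'CRITICAL', threshold: 100 },
  { name: 'PHI Exposure',      severity: 'CRITICAL', threshold: 100 },
  { name: 'Data Integrity',    severity: 'CRITICAL', threshold: 100 },
  { name: 'Clinical Workflow', severity: 'HIGH',     threshold: 95 },
  { name: 'Integration',       severity: 'HIGH',     threshold: 95 },
];

// Pass rate in percent. Zero tests counts as 0%, matching the shell
// snippets above, which exit non-zero when a category has no tests.
function passRate(summary) {
  const total = summary.numTotalTests ?? 0;
  const passed = summary.numPassedTests ?? 0;
  return total === 0 ? 0 : (passed * 100) / total;
}

// One gate: PASS at or above threshold; otherwise BLOCK for CRITICAL
// gates (100% required) and WARN for HIGH gates (allowed with review).
function evaluateGate(gate, summary) {
  if (passRate(summary) >= gate.threshold) return 'PASS';
  return gate.severity === 'CRITICAL' ? 'BLOCK' : 'WARN';
}

// Runs the gates in README order. Like --bail, the first CRITICAL
// failure stops evaluation; later categories are not even examined.
function runSafetyGate(summaries) {
  const verdicts = [];
  for (const gate of GATES) {
    const summary = summaries[gate.name] ?? {};
    const verdict = evaluateGate(gate, summary);
    verdicts.push({ gate: gate.name, rate: passRate(summary), verdict });
    if (verdict === 'BLOCK') return { decision: 'BLOCK', verdicts };
  }
  const warned = verdicts.some((v) => v.verdict === 'WARN');
  return { decision: warned ? 'WARN' : 'PASS', verdicts };
}

// Constructed sample run: CRITICAL gates clean, Clinical Workflow at 94%.
const sampleRun = {
  'CDSS Accuracy':     { numTotalTests: 120, numPassedTests: 120 },
  'PHI Exposure':      { numTotalTests: 40,  numPassedTests: 40 },
  'Data Integrity':    { numTotalTests: 30,  numPassedTests: 30 },
  'Clinical Workflow': { numTotalTests: 100, numPassedTests: 94 },
  'Integration':       { numTotalTests: 50,  numPassedTests: 50 },
};
console.log(JSON.stringify(runSafetyGate(sampleRun), null, 2));
```

In CI the summaries would be read from the --outputFile JSON written by each category's jest run rather than embedded.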
name: Healthcare Safety Gate
on: [push, pull_request]
jobs:
  safety-gate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: '20'
      - run: npm ci
…