Back to skill

Security audit

Clinic Visit Prep

Security checks across malware telemetry and agentic risk

Overview

This is a local clinic-visit preparation skill that processes user-provided notes without network sharing, though its bundled script contains unused generic audit code.

Install this only if you want a local helper for clinic-visit preparation. Use files you intentionally choose, de-identify sensitive health details when possible, and review generated output before sharing it with a clinician. Avoid modifying the bundled spec to audit unrelated folders or repositories unless you deliberately want the local script to inspect those files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill declares no permissions, yet its instructions explicitly allow use of python3 with input/output files and reference local resources, which implies shell execution plus file read/write capability. This mismatch weakens least-privilege controls and can cause users or the host platform to trust the skill as low-risk when it can actually access or modify local data.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The dispatch logic enables multiple generic auditing modes such as directory, CSV, pattern, and skill-package analysis that are unrelated to a clinic-visit preparation skill. In a healthcare context, this is dangerous because it expands the tool's capability to inspect arbitrary local files and repositories, creating unjustified access to potentially sensitive data and violating least-privilege expectations for a patient-prep workflow.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The pattern scanning feature searches arbitrary files for secrets, private URLs, and shell-execution indicators, which is a security-auditing capability not justified by the stated medical intake purpose. If exposed through an agent skill, this could be used to probe local workspaces or uploaded materials for sensitive infrastructure data, turning a benign healthcare skill into a file-inspection utility.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The directory auditing logic recursively enumerates files, reads Markdown content, and summarizes repository structure, which is unrelated to preparing patients for clinic visits. In this skill context, that broad file-discovery behavior increases the chance of collecting unrelated personal, operational, or confidential data from arbitrary directories supplied as input.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.