critical-disease-review

Security checks across malware telemetry and agentic risk

Overview

This medical-claims skill does the advertised assessment task, but its privacy claims do not match the code that sends full medical records to a different HTTPS endpoint and saves results locally by default.

Review this carefully before installing for real patient or claims data. Only use it if the endpoint is approved by your organization and you are comfortable with full structured medical records being transmitted and assessment outputs being saved on disk. Prefer a corrected version that enforces redaction, documents the real endpoint, makes persistence opt-in, and defines retention and cleanup controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 91%
Finding: The skill describes capabilities to read input files, write output files, and call an internal HTTP service, yet no explicit permissions model is declared. In a medical-claims context handling sensitive health records, undeclared file and network capabilities increase the risk of unintended data access, exfiltration, or misuse because operators and users cannot accurately assess what the skill is allowed to do.

Intent-Code Divergence

Severity: Medium
Confidence: 96%
Finding: The document promises strict de-identification before sending data to any model or interface, but the operational description only says the full medicalRecord JSON is sent to the assessment API, with no concrete sanitization step shown. For medical records, this mismatch is dangerous because implementers or users may assume PHI is protected when it may actually be transmitted intact to internal or third-party services.

Intent-Code Divergence

Severity: High
Confidence: 99%
Finding: The skill states that it does not persist user input or intermediate results and that data is destroyed after the call, but later advertises saving raw JSON responses and natural-language conclusions to local files by default. In a healthcare insurance workflow, this contradiction can lead to unapproved storage of sensitive medical and claims data on disk, expanding the breach surface and violating retention/privacy expectations.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding: The code transmits full structured medical-record data to a remote service endpoint, which involves highly sensitive health information. Even though HTTPS is used, the script provides no user-facing disclosure, consent prompt, minimization, or safeguards around what PHI is being sent, creating a meaningful privacy and compliance risk if operators use it on real patient data without awareness.

VirusTotal

66/66 vendors flagged this skill as clean.