med-record-gen

Security checks across malware telemetry and agentic risk

Overview

This medical-record skill does its stated job, but it sends doctor-patient dialogue to a hard-coded external API while promising de-identification that the code does not perform.

Review carefully before using with real patient data. Manually remove names, phone numbers, IDs, addresses, and other identifiers first, and only use it if sending the dialogue to the external service is acceptable under your medical-data privacy obligations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium (96% confidence)
Finding
The script sends the full doctor-patient dialogue to a remote company API even though the skill is described as generating records from dialogue text without making that data flow explicit. Because the input contains sensitive medical information, undisclosed off-device transmission creates a real confidentiality and compliance risk, especially if users or operators assume processing is local.

Context-Inappropriate Capability

Medium (95% confidence)
Finding
The code has external network exfiltration capability for highly sensitive medical dialogue and sends it to a hard-coded third-party endpoint. In a healthcare context, this is more dangerous than ordinary telemetry because the transmitted content may include diagnoses, symptoms, identifiers, and other regulated personal health information.

Missing User Warnings

Medium (91% confidence)
Finding
The tool reads doctor-patient dialogue from a file and processes it without any explicit warning that the contents will be sent over the network to an external backend. That omission meaningfully increases privacy risk because operators may unknowingly submit sensitive PHI, making accidental disclosure more likely in this medical skill context.

VirusTotal

64/64 vendors flagged this skill as clean.
