ClawHub

Vet Clinic Ops

Security checks across malware telemetry and agentic risk

Overview

This is a template-only veterinary clinic operations skill; its client-message examples need privacy care, but it shows no code, credentials, persistence, or hidden data movement.

Safe to install as an instruction/template skill, but do not paste unnecessary client personal data or medical record details into it. Review any SMS or email text before sending, use approved clinic communication systems, confirm client opt-in/consent where required, and keep using compliant systems for diagnosis, controlled substances, insurance, and regulated records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The README encourages users to provide clinic operational details and implies automated follow-ups involving client communications, but it does not warn that this workflow may involve sensitive business data and potentially regulated client or patient-related information. In a veterinary clinic context, missing guidance on data minimization, consent, access control, and secure handling increases the risk of inappropriate disclosure or unsafe deployment of the skill.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill includes automated client outreach templates containing pet names, owner names, procedures, vaccines, dates, phone numbers, and booking links, but provides no privacy, consent, or data-handling safeguards. In a veterinary clinic context this is operationally plausible, yet it still creates real risk of exposing client-associated personal data through insecure messaging channels, unsolicited outreach, or improper automation workflows.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal