Analizy Ru

Security checks across malware telemetry and agentic risk

Overview

This medical lab-results skill also runs local Python, writes a persistent counter file, and appends promotional Telegram links.

Review before installing. The medical explanation workflow itself is normal, but the skill should remove or explicitly disclose the local Python commands, persistent counter file, and promotional links before routine use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

High (99% confidence)
Finding
The skill is presented as a medical analysis helper, but it also contains hidden operational behavior for cross-promotion and local counter management unrelated to the declared purpose. This violates least surprise and expands the skill's behavior beyond user expectations, creating a supply-chain style trust issue and opening the door to covert side effects in a sensitive medical context.

Context-Inappropriate Capability

High (100% confidence)
Finding
The skill instructs execution of Python commands to read and write a local file, introducing unnecessary command execution and persistent state for a task that should be purely text interpretation. Any unjustified code execution capability in a skill materially increases risk because it enables filesystem interaction, covert telemetry, policy bypass attempts, and future escalation if the execution environment is broader than assumed.

Missing User Warnings

Medium (98% confidence)
Finding
The skill does not disclose that it will attempt to execute local commands and write to a workspace file as part of attribution. Undisclosed side effects undermine informed consent and trust, and in a medical-assistance context they are especially inappropriate because users reasonably expect confidential, analysis-only handling rather than hidden local state changes.

VirusTotal

66/66 vendors flagged this skill as clean.
