AI医疗助手

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-only Chinese medical assistant skill with clean scans; its main risk is broad health advice, not hidden code or data access.

Install only if you want a Chinese-language medical information assistant. Do not rely on it for diagnosis, prescribing, dosage changes, emergencies, or medication adjustments without a licensed clinician, and be cautious about sharing personal medical details with any connected tools or model provider.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The skill defines broad medical capabilities but does not specify clear trigger phrases, invocation boundaries, or when it should decline activation. In a routing system, that can cause accidental invocation on generic health-related prompts, exposing users to unscoped medical guidance and increasing the chance of inappropriate reliance in sensitive contexts.

Natural-Language Policy Violations

Medium

Confidence: 84% confidence
Finding: The skill content is effectively Chinese-only without stating locale restrictions or offering language selection, which can create misunderstandings for users or orchestrators operating in other languages. In a medical context, language mismatch increases the risk of incorrect symptom interpretation, medication misunderstanding, and unsafe advice delivery.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal