ClawHub
Back to skill

Security audit

Ai Pharmacognosy

Security checks across malware telemetry and agentic risk

Overview

This is a static pharmacognosy reference skill with no executable code, but its herbal identification and toxic-material processing content should be treated as educational only.

Install only if you want educational pharmacognosy reference material. Do not use it to identify, prepare, detoxify, dose, or consume medicinal herbs without a licensed professional, verified suppliers, and appropriate lab testing, especially for toxic materials such as aconite.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill provides processing guidance for medicinal materials, including detoxification-related claims for toxic substances such as aconite, without clear safety boundaries, contraindications, or direction to qualified supervision. Users may interpret this as actionable home-processing advice, and mistakes in handling, dosage, or preparation of toxic herbs can cause poisoning or other serious harm.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill encourages users to ask how to authenticate medicinal materials and presents identification methods such as morphology, microscopy, TLC, HPLC, and DNA barcoding without warning that misidentification can lead to ingestion of adulterated, substituted, or toxic species. In this domain, false confidence from simplified identification guidance is dangerous because many medicinal materials have look-alikes and contamination risks that require expert verification.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.