御医

Security checks across malware telemetry and agentic risk

Overview

This health skill is not deceptive or executable, but it defaults to broad long-term use of sensitive health and wearable data without clear consent, limits, or deletion controls.

Install only if you intentionally want an AI assistant to build a long-term health profile from your medical, wearable, lifestyle, and personal context. Before using it, limit what you share, require explicit confirmation before HealthKit access, and make sure your platform gives you a way to review, correct, and delete remembered health information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Natural-Language Policy Violations

Severity: Medium
Confidence: 88%
Finding:
The skill hard-codes Simplified Chinese as the final output language regardless of the user's preference. While not a direct security exploit, this can override user intent and reduce transparency or comprehension for users who expected another language, which is a meaningful policy and trust issue in a medical context.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding:
The trigger list includes broad, ordinary phrases that can activate the skill in contexts where the user may not intend long-term health profiling or memory use. In a health skill that handles highly sensitive data, accidental activation increases the chance of collecting, correlating, or surfacing private information without clear user intent.

Missing User Warnings

Severity: High
Confidence: 98%
Finding:
The skill directs broad long-term collection and use of sensitive health, psychological, lifestyle, and personal background data without an explicit privacy warning or informed consent flow. Because this is medical and biometric data, silent retention and reuse materially increase privacy harm, user surprise, and downstream misuse risk.

Ssd 3

Severity: High
Confidence: 99%
Finding:
The instruction to default to remembering all user-provided health and related personal information creates a standing mechanism for persistent retention of highly sensitive data. This is dangerous because it normalizes over-collection and indefinite reuse of medical, mental health, reproductive, and lifestyle information beyond what is necessary for a single interaction.

Ssd 3

Severity: High
Confidence: 99%
Finding:
The requirement to automatically read the latest weekly HealthKit data on each interaction is a persistent sensitive-data extraction instruction without per-use confirmation. Automatic access to wearable health telemetry can expose ongoing biometric trends and collect more data than the user intended for the current request.

Ssd 3

Severity: High
Confidence: 98%
Finding:
Treating user information as a continuously updated long-term database and requiring each analysis to prioritize historical records creates systematic aggregation of sensitive personal data. Aggregation increases re-identification, inference, and privacy risks because cross-time correlation can reveal intimate medical and behavioral patterns the user did not knowingly authorize.

Ssd 3

Severity: High
Confidence: 98%
Finding:
The default workflow instructs the system to first consolidate all previously known health and personal information before processing new input, making broad sensitive-data reuse the baseline behavior. In a medical assistant context, that default can surface or rely on historical data the user did not intend to invoke in the present conversation, compounding privacy and consent issues.

VirusTotal

63/63 vendors flagged this skill as clean.