Fda Guideline Search

Security checks across malware telemetry and agentic risk

Overview

The skill is not destructive, but it presents synthetic FDA-guidance results as if they were real regulatory search results.

Review before installing, especially for compliance or medical-regulatory work. Treat search results from this skill as non-authoritative demo data unless the implementation is changed to retrieve and validate actual FDA/ICH records; verify any cited guidance directly with FDA or ICH sources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 89%
Finding
The skill advertises and documents network access and local caching/writes, but no explicit permissions are declared. That creates a trust and enforcement gap: a caller or platform may assume the skill is read-only while it can still reach external services and persist files locally. In an agent environment, undeclared capabilities reduce reviewability and can enable unexpected data egress or filesystem modification.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 95%
Finding
The documented purpose is guideline search, but the behavior includes downloading PDFs, writing local output files, and possibly generating mock/sample entries instead of authoritative FDA results. This mismatch is dangerous because users and orchestrators may trust the skill for compliance-sensitive regulatory research while it performs side effects and may return fabricated or non-authoritative data. In a pharma/regulatory context, inaccurate or synthetic guidance results can directly mislead decision-making.

Description-Behavior Mismatch

Severity: High
Confidence: 99%
Finding
The skill advertises FDA guideline search and retrieval, but the core search function returns fabricated sample documents and synthetic metadata instead of actual FDA results. In a regulatory/compliance workflow, users may rely on these outputs for medical, legal, or submission decisions, creating a serious integrity risk through misinformation and false provenance.

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding
The comments state that production should use actual FDA/API-backed retrieval, but the implementation never uses fetched FDA content and instead serves mock results. This mismatch is dangerous because it misleads reviewers and downstream users into believing the tool is authoritative when it is not, undermining trust and enabling silent data integrity failures.
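As an added check (example code, not SkillSpector's and not the scanned skill's source), the script below turns the Lp3 finding and the intent-code divergence finding into something a reviewer can run offline: it parses a skill's Python source with `ast`, records which network and filesystem-write capabilities the code actually exercises (plus `os.environ` reads as an env-harvesting signal), compares them with the permissions the skill manifest declares, and flags comments and string literals that hint at mock or placeholder results. The manifest `permissions` list is an assumed format, and the sample skill source is constructed to mirror the behaviour the findings describe.

```python
"""Static capability audit for an agent skill (example code, not SkillSpector's).
The manifest `permissions` list and the sample skill below are constructed.
The name lists are heuristic starting points, not exhaustive catalogues."""
import ast
import io
import re
import tokenize

NETWORK_MODULES = {"requests", "httpx", "urllib", "aiohttp", "socket", "http"}
WRITE_MODES = {"w", "wb", "a", "ab", "x", "xb", "w+", "wb+", "a+", "r+", "rb+"}
WRITE_ATTRS = {"write_text", "write_bytes", "mkdir", "makedirs", "copyfile", "unlink"}
SYNTHETIC_RE = re.compile(r"\b(mock|sample|synthetic|placeholder|todo)\b", re.I)

def _dotted(node):
    """'a.b.c' for a Name/Attribute chain, else ''."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    return ".".join(reversed(parts + [node.id])) if isinstance(node, ast.Name) else ""

class CapabilityVisitor(ast.NodeVisitor):
    """Maps capability -> [line numbers] of the constructs that exercise it."""
    def __init__(self):
        self.found = {}

    def _hit(self, cap, node):
        self.found.setdefault(cap, []).append(node.lineno)

    def visit_Import(self, node):
        for alias in node.names:
            if alias.name.split(".")[0] in NETWORK_MODULES:
                self._hit("network", node)

    def visit_ImportFrom(self, node):
        if (node.module or "").split(".")[0] in NETWORK_MODULES:
            self._hit("network", node)

    def visit_Call(self, node):
        name = _dotted(node.func)
        root, leaf = name.split(".")[0], name.split(".")[-1]
        if name == "open":  # builtin open(): only write/append/create modes count
            mode = node.args[1].value if len(node.args) > 1 and isinstance(node.args[1], ast.Constant) else "r"
            for kw in node.keywords:
                if kw.arg == "mode" and isinstance(kw.value, ast.Constant):
                    mode = kw.value.value
            if isinstance(mode, str) and mode.replace("t", "") in WRITE_MODES:
                self._hit("filesystem_write", node)
        elif leaf in WRITE_ATTRS:
            self._hit("filesystem_write", node)
        elif root in NETWORK_MODULES:
            self._hit("network", node)
        self.generic_visit(node)

    def visit_Attribute(self, node):
        if _dotted(node) == "os.environ":  # env-variable harvesting signal
            self._hit("env", node)
        self.generic_visit(node)

def synthetic_markers(source):
    """Comments and string literals that hint at mock/placeholder results."""
    hits = []
    for tok in tokenize.generate_tokens(io.StringIO(source).readline):
        if tok.type == tokenize.COMMENT and SYNTHETIC_RE.search(tok.string):
            hits.append({"line": tok.start[0], "kind": "comment", "text": tok.string})
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Constant) and isinstance(node.value, str) and SYNTHETIC_RE.search(node.value):
            hits.append({"line": node.lineno, "kind": "string", "text": node.value})
    return sorted(hits, key=lambda h: h["line"])

def audit(source, declared_permissions):
    """Capabilities the code exercises vs. those the manifest declares."""
    visitor = CapabilityVisitor()
    visitor.visit(ast.parse(source))
    used, declared = set(visitor.found), set(declared_permissions)
    return {
        "used": visitor.found,
        "underdeclared": sorted(used - declared),  # the Lp3-style finding
        "overdeclared": sorted(declared - used),
        "synthetic_markers": synthetic_markers(source),  # intent-code divergence signal
    }

# Constructed skill source mirroring the findings: it fetches and caches PDFs
# but answers searches with fabricated entries.
SAMPLE_SKILL = '''
import os
import requests
CACHE = os.path.expanduser("~/.fda_cache")
def fetch_pdf(url):
    os.makedirs(CACHE, exist_ok=True)
    pdf = requests.get(url, timeout=30)
    with open(os.path.join(CACHE, "guidance.pdf"), "wb") as f:
        f.write(pdf.content)
def search(query):
    # TODO: production should query the real FDA guidance API
    return [{"title": f"Sample guidance for {query}", "source": "mock"}]
'''
SAMPLE_MANIFEST = {"name": "fda-guideline-search", "permissions": []}  # declares nothing
```

`audit(SAMPLE_SKILL, SAMPLE_MANIFEST["permissions"])` reports `network` and `filesystem_write` as underdeclared, with the line numbers of the import, the `requests.get` call, the `makedirs` call and the `open(..., "wb")` call, and surfaces the `TODO`, `Sample` and `mock` markers from the search function. At review time, the underdeclared list should be empty before a skill is installed (either the manifest declares what the code does or the code stops doing it), and any marker hit inside a function whose results are presented as authoritative warrants a human read of that function's return path.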

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding
The skill's markdown states that PDFs may be downloaded and cached locally, but it does not prominently warn users that executing the skill writes files to disk. Hidden or poorly disclosed persistence is risky because it can consume storage, retain regulated research artifacts longer than expected, and surprise users in environments where local writes are restricted or monitored. The risk is elevated slightly because this skill operates in a compliance-focused domain where provenance and data-handling expectations matter.

VirusTotal

63 of 63 vendors reported this skill as clean. A clean antivirus verdict only means that no engine matched a known-malware signature; it says nothing about the undeclared capabilities, fabricated results and description-behavior mismatch reported above, which are not the kind of defect a malware scanner detects.
