Hipaa Compliance Auditor

Security checks across malware telemetry and agentic risk

Overview

This skill is a legitimate local HIPAA redaction helper, but it can expose patient data through audit logs and console output, and its compliance claims are stronger than the implementation supports.

Review before installing or using with real patient data. Use only in a controlled local environment, avoid audit logs unless they are protected as PHI, avoid shared terminals or CI logs, pin dependencies, and require manual review before relying on any output for HIPAA-related release decisions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (14)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill documentation describes code behavior with file read/write capabilities, but no explicit permissions are declared. In a healthcare-oriented de-identification tool, this mismatch is risky because it processes highly sensitive PHI/PII and could read unintended files or write sensitive outputs and audit logs to unsafe locations if the runtime trusts undeclared capabilities.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The class documentation claims coverage of all 18 HIPAA identifier categories, but the implementation only detects a subset and misses multiple listed categories. In a HIPAA de-identification tool, this can create a false sense of compliance and cause users to release medical text that still contains PHI, which is a security and privacy failure rather than a mere documentation issue.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The module advertises 'clinical-grade' de-identification according to HIPAA Safe Harbor standards, yet the code itself says manual review is required and only performs limited heuristic validation. In this healthcare context, overstating assurance is dangerous because operators may trust the output as compliant and expose residual PHI in production workflows.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The audit log records per-detection context derived from the original input, which can include snippets of PHI/PII, and does so without prominent disclosure or safeguards. In a medical-text processing skill, storing PHI-bearing logs expands the sensitive-data footprint, increases retention and access risks, and may itself create a HIPAA compliance problem if logs are not protected as regulated data.

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Install with: pip install -r requirements.txt

# Core NLP library
spacy>=3.7.0

# spaCy models (install separately):
# python -m spacy download en_core_web_trf  # Best accuracy (transformer-based)
Confidence
86% confidence
Finding
spacy>=3.7.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
# python -m spacy download en_core_web_md   # Medium model, faster

# Enhanced PII detection (optional but recommended)
presidio-analyzer>=2.2.0
presidio-anonymizer>=2.2.0

# Advanced regex support
Confidence
89% confidence
Finding
presidio-analyzer>=2.2.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Enhanced PII detection (optional but recommended)
presidio-analyzer>=2.2.0
presidio-anonymizer>=2.2.0

# Advanced regex support
regex>=2023.0.0
Confidence
89% confidence
Finding
presidio-anonymizer>=2.2.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
presidio-anonymizer>=2.2.0

# Advanced regex support
regex>=2023.0.0

# Data validation
dacite>=1.8.0
Confidence
80% confidence
Finding
regex>=2023.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
regex>=2023.0.0

# Data validation
dacite>=1.8.0

# Testing
pytest>=7.4.0
Confidence
78% confidence
Finding
dacite>=1.8.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
dacite>=1.8.0

# Testing
pytest>=7.4.0
pytest-cov>=4.1.0
Confidence
91% confidence
Finding
pytest>=7.4.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Testing
pytest>=7.4.0
pytest-cov>=4.1.0
Confidence
83% confidence
Finding
pytest-cov>=4.1.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
dataclasses
spacy
Confidence
92% confidence
Finding
dataclasses

Unpinned Dependencies

Low
Category
Supply Chain
Content
dataclasses
spacy
Confidence
97% confidence
Finding
spacy

Known Vulnerable Dependency: pytest — 1 advisory(ies): CVE-2025-71176 (pytest has vulnerable tmpdir handling)

Low
Category
Supply Chain
Confidence
72% confidence
Finding
pytest

VirusTotal

66/66 vendors flagged this skill as clean.
