Medication Adherence Message Gen

Security checks across malware telemetry and agentic risk

Overview

This skill is a local medication-reminder message generator, but it is partly mislabeled as an academic-writing tool and lacks clear healthcare/privacy boundaries.

Review carefully before installing. Use only for draft medication reminder copy in an approved healthcare or research workflow, avoid real patient identifiers unless privacy controls are in place, and require human clinical/compliance review before sending generated messages. The publisher should relabel the skill as healthcare-adjacent medication messaging, remove academic-writing routing text, add privacy and consent warnings, and source or remove unsupported adherence statistics and urgent/loss-framed claims.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Tp4

High
Category
MCP Tool Poisoning
Confidence
98% confidence
Finding
The manifest and top-level description present the skill as suitable for academic writing workflows, while the body clearly implements patient-facing medication adherence messaging. This mismatch can cause the skill to be invoked in the wrong context, bypass appropriate review, and conceal that it generates behavior-influencing health communications. In a health-related domain, misclassification is especially risky because users may not realize they are deploying patient messaging functionality.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The document says to stop for out-of-scope requests, yet it simultaneously rebrands the skill for academic writing even though its actual workflow is medication reminder generation. This creates contradictory routing guidance that can lead operators or agents to trust the wrong scope checks and run the skill in unintended situations. The contradiction weakens safety boundaries because the documented guardrails no longer match the real capability.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The manifest description says the skill supports academic writing, but the documented behavior is generation of medication adherence reminders. This is a true security-relevant integrity issue because downstream selection, approval, and policy enforcement often rely on manifest metadata; misleading metadata can cause the tool to evade health-content review or be surfaced to inappropriate users. Given the patient-facing nature of the output, the context makes the mismatch more dangerous, not less.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The usage guidance repeatedly instructs use for academic-writing workflows, while the actual functionality is medical adherence message generation. This can mislead users and orchestrators into invoking a health-messaging tool under a benign-seeming category, increasing the chance of unauthorized or unreviewed patient communication generation. Because the skill applies persuasive behavioral techniques, misuse in the wrong context could have real-world health and compliance consequences.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The activation conditions are broad and inconsistent, making it unclear when the skill should be selected. Ambiguous invocation criteria can cause accidental or policy-bypassing use, especially when combined with misleading academic-writing framing and actual patient-message generation behavior. In a healthcare-adjacent context, unclear scope increases operational risk because the wrong tool may be chosen without proper oversight.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill description does not clearly warn that it generates patient-facing medication adherence messages using behavioral influence techniques. Without explicit disclosure, users may underestimate the sensitivity of the domain, fail to apply healthcare review, or use manipulative messaging without appropriate governance. The medical and persuasive context makes this omission more dangerous than a generic copywriting tool.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The finding appears valid because the audit itself documents weak boundary handling, broad scope wording, and at least one stress-case scope-control failure. Overly broad invocation triggers can cause the skill to activate in unintended contexts and produce outputs outside its declared academic-writing boundary, which is especially risky when the topic touches medication adherence and could drift toward quasi-medical guidance.

VirusTotal

65/65 vendors flagged this skill as clean.
