Back to skill

Security audit

Medication Reconciliation

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local medication reconciliation tool, but it handles sensitive patient data and reports must be managed carefully.

Install only if you are comfortable processing medication data locally under your organization’s privacy rules. Use de-identified or authorized inputs, avoid writing reports to shared or insecure folders, treat generated reports as PHI, and require qualified clinical review before any care decision.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill documentation instructs users to read input files and optionally write an output report, but it does not declare any permissions for those file operations. This creates a transparency and governance gap: a host system or reviewer may assume the skill has no filesystem access even though its documented usage requires reading patient medication files and potentially writing reports, which is especially sensitive in a healthcare/PHI context.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The audit states the skill does not generate clinical or diagnostic decision outputs, yet the same file documents clinically prioritized warnings, criticality labels, and physician-review recommendations. In a medical context, this kind of understatement can misclassify the risk tier of the skill and cause reviewers or deployers to apply weaker safeguards than the behavior warrants.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The security note claims PHI protection is enforced before processing, but the evidence only shows a user prompt asking for confirmation of de-identification. A prompt is not an enforcement control; if operators misconfirm or ignore it, identifiable patient data may still be processed, creating privacy and compliance exposure in a healthcare workflow.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The key strengths section presents de-identification confirmation as mandatory/enforced, while the documented behavior only demonstrates prompting the user. This overstates the privacy control posture and may lead downstream approvers to trust the skill with PHI under the false assumption that technical safeguards exist.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The code writes the full reconciliation report to an arbitrary file path, and that report includes patient identifiers, medication lists, and clinical warnings. In a healthcare context this is highly sensitive data; saving it to disk without safeguards, minimization, consent/notice, or secure permissions materially increases the risk of PHI exposure through shared directories, backups, logs, or improper file handling.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.