Symptom Checker Triage

Security checks across malware telemetry and agentic risk

Overview

This is a local rule-based symptom triage helper with no hidden access or persistence, though its medical safety wording should be treated cautiously.

Install only if you need a lightweight local triage aid and can preserve its safety limits in the user-facing response. Use verbose or JSON output, display the warning every time, tell users to contact their local emergency number rather than relying on 911 outside the United States, and route urgent or unclear symptoms to professional medical care.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Natural-Language Policy Violations

Medium
Confidence: 81%
Finding
The skill explicitly limits accepted symptom descriptions to English or Chinese, which can cause users speaking other languages to be rejected or misunderstood in a medical-triage context. In a safety-sensitive workflow, language restriction without clear user-choice handling or fallback can lead to missed red flags, delayed care, or unsafe triage outcomes.

Missing User Warnings

High
Confidence: 97%
Finding
The program suppresses its medical safety disclaimer during normal use and only shows it when --verbose is enabled. In a medical triage skill, that increases the chance users treat the output as authoritative clinical advice, which is especially dangerous because the rule engine is simplistic and can miss or misclassify emergencies.

Natural-Language Policy Violations

Medium
Confidence: 91%
Finding
The emergency recommendation hard-codes 'call 911,' which is not valid in many countries and could delay access to emergency services for non-US users. Because this skill is a medical triage tool, incorrect emergency contact guidance directly affects user safety in time-critical situations.

VirusTotal

63/63 vendors flagged this skill as clean.
