Back to skill

Security audit

Intelligent Triage Symptom Analysis

Security checks across malware telemetry and agentic risk

Overview

This medical triage skill appears functional, but it stores sensitive symptom history locally despite privacy claims and includes an unrelated persistent auto-evolution daemon.

Install only if you are comfortable reviewing and controlling the code. Do not run auto-evolve-daemon.sh. Treat the tool as informational, not emergency medical advice. Assume symptom inputs, assessments, timestamps, and user identifiers may be saved under ~/.openclaw unless you use --no-save-history or modify the code, and avoid broad chmod 755 permissions on ~/.openclaw.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue AgentSelf-Modification, Session Persistence
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
This script launches an infinite daemon that repeatedly executes a self-evolution routine against the skill every 30 minutes, which is unrelated to a normal static skill runtime and creates persistent autonomous behavior. In an agent skill context, self-modifying or self-updating code is especially dangerous because it can alter future behavior outside review, introduce malicious changes, or bypass trust and audit controls over time.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
This medical triage skill includes billing logic and payment gating that are unrelated to clinical symptom analysis. In a healthcare context, coupling access control and billing to urgent triage functionality can delay access and expands the data-handling surface to financial and identity workflows, increasing privacy and safety risk.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill makes external network calls to a billing service during operation, sending user-linked data off-device as part of access control. For a medical triage tool, this increases privacy exposure and introduces a dependency that can fail or delay use when the user may need timely guidance.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The skill persistently stores symptom assessments and history in local files under the user's home directory without protection controls. Because the data includes health-related information and timestamps, compromise of the local account or shared system could expose sensitive medical history and create significant privacy harm.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill describes automatic storage of symptom history and configurable retention without prominently warning users that potentially sensitive medical data may be persisted. In a healthcare context, undisclosed retention of symptom and triage history creates meaningful privacy and compliance risk because users may submit highly sensitive health information without informed consent or proper handling expectations.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
This file presents broad medical diagnostic reference content, including symptom-to-disease mappings and differential diagnoses, without any visible disclaimer that the material is informational only and not a substitute for professional medical evaluation or emergency care. In an agent skill context, users may rely on this content for self-diagnosis or delay urgent treatment for serious conditions like ACS, PE, stroke, or meningitis, increasing the risk of harmful health decisions.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
This reference file provides concrete emergency triage levels, response times, and red-flag symptom guidance without any explicit warning that it is informational only and not a substitute for clinician or emergency-dispatch assessment. In a medical context, users or downstream agents may over-rely on this content for real-time decision-making, causing dangerous delay, under-triage, or inappropriate self-management during time-critical emergencies.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
Sensitive symptom history is written to disk at the save site with no user-facing disclosure or consent step in that code path. In a medical context this is especially risky because users may not expect health assessments to be retained locally, leading to silent exposure of highly sensitive personal information.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The billing request transmits the user identifier to a remote service without visible disclosure or consent in the processing flow. Even if the identifier is not directly a medical record, linking it to access to a triage service can create privacy concerns and unexpected third-party data sharing.

Session Persistence

Medium
Category
Rogue Agent
Content
### Permission Denied
If you see permission errors for `~/.openclaw/`:
```bash
mkdir -p ~/.openclaw/skill_trial
chmod 755 ~/.openclaw
```
Confidence
90% confidence
Finding
mkdir -p ~/.openclaw/skill_trial chmod 755 ~/.openclaw

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.