AU Allied Health Notes Recall

Security checks across malware telemetry and agentic risk

Overview

This is not malware, but it needs review because its healthcare documentation guidance has broad triggers and examples that could lead to unsafe clinical or Medicare billing output.

Install only if you are comfortable using it as a drafting aid for qualified Australian allied health practitioners. Do not let users copy generated clinical notes directly into records without checking every clinical fact, placeholder, patient identifier, session count, item number, and rebate against current official sources and the actual patient file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Medium
Confidence: 97%
Finding
The skill explicitly instructs the agent to never state rebate dollar amounts from memory, yet it includes a concrete rebate figure in the Better Access section. This creates contradictory guidance that can cause the agent to emit stale or incorrect billing information, which is especially risky in a Medicare compliance context where fees and rebates change over time.

Intent-Code Divergence

High
Confidence: 99%
Finding
The example SOAP note fabricates specific clinical findings, measurements, and treatment details beyond what the user provided, despite the skill's own rule forbidding invented clinical content. In healthcare documentation, invented findings can lead to false medical records, unsupported Medicare claims, and downstream patient safety or regulatory consequences if copied into real charts.

Vague Triggers

Medium
Confidence: 83%
Finding
The trigger list contains broad phrases like 'write a note', 'item number', and 'privacy' that can match ordinary requests outside the intended healthcare workflow. Over-broad activation can cause the skill to engage inappropriately, producing regulated medical, billing, or privacy-oriented output in contexts where it does not belong and increasing the chance of misleading advice or data-handling mistakes.

Vague Triggers

Medium
Confidence: 81%
Finding
The task-identification table repeats vague prompts such as 'write a note' or 'what code' without enough domain scoping, making false activation likely. In a clinical-adjacent skill, accidental activation is more dangerous than in a generic assistant because it may steer users into compliance-sensitive workflows and produce authoritative-looking healthcare administrative content without sufficient context.

VirusTotal

65/65 vendors flagged this skill as clean.
