风险管理专家 (ISO 14971)

Security checks across malware telemetry and agentic risk

Overview

This skill is a medical-device risk-management guide with a local calculator and no evidence of hidden access, data transfer, persistence, or destructive behavior.

Reasonable to install if you need ISO 14971 risk-management templates and a local risk/RPN calculator. Verify publisher provenance because the bundled metadata differs from registry metadata, and treat the outputs as drafting aids requiring qualified regulatory, quality, clinical, and legal review before use in regulated medical-device work.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Tp4

High

Category: MCP Tool Poisoning
Confidence: 97% confidence
Finding: This is a mismatch because the description is much broader than the code's actual behavior. The code does not implement lifecycle-wide ISO 14971 risk management, hazard identification, fault tree analysis, benefit-risk analysis, residual risk assessment workflows, risk control planning, or post-production information analysis. Instead, it is narrowly a calculator/viewer for a fixed 5x5 risk matrix and FMEA RPN scoring. It also includes explicit FMEA functionality, which is only indirectly hinted at in the description, not described as a calculator utility. The primary purpose therefore differs materially from the declared specialist role.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal