deepevidence循证医学AI助手

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed medical evidence API wrapper that sends user-entered clinical questions to DeepEvidence and does not show hidden or unrelated behavior.

Install only if you are comfortable sending clinical questions to DeepEvidence. Avoid patient-identifying details unless your privacy obligations allow it, keep DEEPEVIDENCE_API_KEY secret, and treat outputs as reference material that must be verified by a qualified clinician.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The script sends user medical questions and optional identifiers/metadata to a remote third-party API without any explicit consent prompt or warning at send time. In a medical context, users may submit highly sensitive health information, so the lack of a clear disclosure increases the risk of inadvertent privacy violations and regulatory noncompliance.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal