Veterinary Clinic Bundle

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent veterinary-clinic assistant, but it handles sensitive client, pet, medical, and business data with under-disclosed storage, external LLM transmission, and unauthenticated history access.

Install only after reviewing and tightening privacy and access controls. Require authentication for API endpoints, disable or disclose external LLM processing, add consent and retention rules for stored conversations and client/pet records, and require human confirmation for clinical, financial, messaging, and report-generating workflows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (82)

Intent-Code Divergence

Medium
Confidence
85% confidence
Finding
The FAQ claims the bundle only handles administrative and communication tasks, yet the skill list includes lab interpretation and drug interaction guidance. In a veterinary context, this mismatch can cause over-trust in AI-generated clinical support and reduce appropriate human review, increasing the chance of unsafe care decisions.

Description-Behavior Mismatch

Medium
Confidence
82% confidence
Finding
The manifest frames the bundle as operations automation for scheduling, records, follow-up, and analysis, but the documented functions extend into veterinary clinical-support behavior. This under-disclosure matters because medical-adjacent functionality carries higher safety, liability, and validation requirements than ordinary office automation.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The conversation history endpoint returns full transcripts for any provided session_id with no authentication or authorization checks. Because chats may contain personal and veterinary medical information, an attacker who guesses or learns a session ID can retrieve sensitive records, creating a direct privacy breach.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The documented trigger phrases are very broad generic words such as symptoms, records, price, or booking terms, which can easily appear in normal conversation and cause unintended skill activation or incorrect routing. In a veterinary clinic context, misrouting can affect appointment handling, record lookup, emergency triage, or customer communication, creating operational and privacy risks even if this is not overtly malicious.

Vague Triggers

Medium
Confidence
94% confidence
Finding
Using a default-routing condition for the AI front desk means unmatched or ambiguous user input may automatically invoke a powerful catch-all handler. In this skill bundle, that increases the chance that sensitive clinic workflows are engaged without clear user intent, which can lead to incorrect advice, unwanted data processing, or accidental disclosure through overbroad fallback behavior.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The README promotes automated reminders, follow-ups, and customer outreach without documenting consent, notice, retention, or data-sharing expectations. In a veterinary setting, these features process owner contact details and pet care information; lacking privacy warnings and controls increases the risk of unauthorized messaging, regulatory noncompliance, and user harm from opaque data handling.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README describes automated medical-record, prescription, lab interpretation, and referral features without warning about the sensitivity of clinical and customer data. Because these workflows involve health-adjacent records, treatment information, and potentially regulated business data, undocumented handling expectations can lead to unauthorized access, excessive retention, mistaken automation, or unsafe reliance on AI-generated outputs.

Vague Triggers

High
Confidence
80% confidence
Finding
Using the single-character trigger '急' for an emergency triage skill is overly broad in a safety-critical workflow. In a veterinary clinic context, accidental activation could misroute ordinary conversations into emergency handling or generate inappropriate urgency guidance, which is more dangerous than in a non-medical domain.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill says collected client and pet data are automatically stored in a database but does not clearly notify users that personally identifiable and medical-adjacent information will be retained. This is dangerous because silent persistence undermines informed consent, increases privacy compliance risk, and expands the blast radius if the system is compromised.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The AI phone-answering feature describes automated intent recognition and handling of caller content without warning that calls or their contents may be processed, analyzed, or potentially recorded. In a clinic setting, this can expose sensitive personal and health-related information without adequate notice or consent.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The workflow documentation describes automated customer messaging and multiple third-party integrations (WeChat, SMS, phone, payment, printing) that would process customer and pet-related data, but it provides no notice about consent, privacy handling, retention, or transmission boundaries. In a veterinary context, these automations can expose personally identifiable information, appointment details, medical record data, and payment-related metadata to external services without clear safeguards or user awareness.

Missing User Warnings

High
Confidence
97% confidence
Finding
User messages are sent to an external LLM provider without any consent, warning, or redaction, and those messages can include names, phone numbers, symptoms, lab results, and other medical data. In a veterinary clinic context, this is especially sensitive because the app collects operational, personal, and medical information, so silent third-party transmission creates substantial confidentiality and compliance risk.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrases are very generic terms commonly used in ordinary veterinary conversations, so the skill may activate unintentionally when a user is merely discussing appointments or care. In an appointment-booking context, accidental invocation can cause unintended scheduling actions, collection of personal data, or workflow confusion, especially in a medical-services environment.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill declares an automatic trigger without defining explicit invocation boundaries, which can cause the agent to activate in unintended conversational contexts. In an automation setting tied to customer communications, this increases the risk of accidental birthday messaging, inappropriate data access, or unintended workflow execution.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The documentation refers to a trigger word but does not specify it, while also claiming the AI will automatically infer intent, leaving invocation criteria undefined. This ambiguity can cause over-broad matching and unintended execution, especially in a veterinary clinic environment where customer records and messaging actions may be involved.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrases are very broad and generic, which can cause the skill to activate unintentionally during normal veterinary conversations. In a clinic workflow, misfiring automation can return irrelevant breed information, confuse operators, or interfere with more appropriate skills, especially where breed affects treatment context.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger phrases "促销" and especially "活动" are very broad and likely to appear in ordinary veterinary business conversations, which can cause accidental invocation of this skill in unrelated contexts. In an agentic workflow, unintended activation can lead to inappropriate campaign-planning actions, incorrect outputs, or downstream access to configured data stores without clear user intent.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger phrases "病例" and especially "案例" are very broad and likely to appear in ordinary veterinary discussions, which can cause unintended invocation of the skill. In a workflow that may access case libraries or perform automated record actions, accidental activation can lead to inappropriate data exposure, confusing automation behavior, or unauthorized operations in the wrong context.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The trigger phrases are very broad and the documentation does not define clear activation boundaries, which can cause the skill to run in unintended contexts. In a veterinary workflow, accidental activation could surface churn-related processing or patient/client data handling when the user's intent was ambiguous, increasing the risk of inappropriate automation and privacy-impacting actions.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger phrases "年检" and especially "资质" are broad enough to appear in normal discussion, which can cause unintended invocation of the skill. In an operational veterinary context, accidental activation could surface compliance workflows or data-handling actions at the wrong time, leading to confusion, erroneous reminders, or unintended access to regulated business information.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrases "日报" and "今日营收" are short and generic, making accidental or out-of-context invocation more likely in normal conversation. In a veterinary clinic setting, unintended activation could expose sensitive business or client-related operational data, or cause the agent to act on the wrong user request without clear authorization boundaries.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The trigger phrases "押金" and "预付" are generic financial terms and the skill does not define any scope constraints, confirmation steps, or routing boundaries. In a multi-skill veterinary assistant, this can cause unintended invocation on unrelated conversations about payments or deposits, potentially leading to incorrect financial actions, data retrieval, or workflow activation.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrases "驱虫" and "体内外驱虫" are broad, and the skill does not clearly define what actions the agent may take after matching them. In a veterinary workflow, underspecified invocation can cause the system to activate in the wrong context, generate inappropriate medical guidance, or initiate record/scheduling actions without sufficient confirmation, increasing the risk of operational or safety errors.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrases "怎么走", "地址", and especially "在哪" are broad conversational terms that can easily appear in unrelated user messages, causing the skill to activate unintentionally. In a veterinary context, accidental invocation can expose location data, interfere with routing of user intent, or cause the assistant to return the wrong workflow when users are asking general questions rather than requesting clinic directions.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger phrase "出院" is very broad and can activate in ordinary conversation without sufficient contextual checks. In a veterinary workflow, unintended activation could cause the system to generate or present discharge guidance at the wrong time, creating operational confusion and potentially unsafe medical communication if staff rely on the output prematurely.

VirusTotal

66/66 vendors flagged this skill as clean.
