Mentx Doctor 医疗助手 (Medical Assistant)

Security checks across malware telemetry and agentic risk

Overview

This skill appears to provide the medical-report service it advertises, but it handles sensitive health data with too little consent, scoping, and cleanup control.

Review before installing. Use this only where users explicitly agree to send medical descriptions, images, reports, and identifiers to Mentx; do not use it for emergencies; protect and rotate the API key if exposed; restrict uploads to intended medical files; and clear /tmp/mentx-doctor after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Intent-Code Divergence

Severity: Medium
Confidence: 90%
Finding
The skill claims the waiting-period interaction is limited to emotional support, but it later instructs the agent to ask for symptom details and share health knowledge. In a medical context, this blurs the boundary between support and informal triage, increasing the chance of unreviewed medical guidance being given outside the stated safety constraints.

Intent-Code Divergence

Severity: Medium
Confidence: 84%
Finding
The skill is presented to general users as a healthcare assistant, but the final disclaimer says the output is only for clinicians' reference. That mismatch can mislead end users into relying on content not intended for them, especially in a high-stakes medical setting where misunderstanding the audience can affect care-seeking decisions.

Vague Triggers

Severity: Medium
Confidence: 81%
Finding
The trigger conditions are overly broad and include common everyday words related to health and hospitals. This can cause accidental activation in unrelated conversations, leading to unnecessary collection or processing of sensitive medical information and unexpected use of the external medical API.

Missing User Warnings

Severity: High
Confidence: 96%
Finding
The skill asks users to provide medical descriptions and upload medical files, then sends them to a backend API, but it does not adequately disclose privacy, retention, transmission, or third-party processing risks. Because medical data is highly sensitive, insufficient notice and consent can expose users to serious confidentiality, compliance, and trust harms.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The script uploads arbitrary user-supplied files to an external medical API without any consent gate, sensitivity warning, file-type restriction, or minimization step. In a medical context this can expose highly sensitive health data or unrelated local files to a third party, increasing privacy and compliance risk.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The script transmits message content and user identifiers to a remote service without explicit disclosure or consent handling. Because this is a medical-report workflow, those fields may contain protected health information, making silent external transmission more dangerous than in a generic chatbot context.

Ssd 3

Severity: Medium
Confidence: 94%
Finding
The skill instructs the agent to continue soliciting additional symptom details during background processing, creating an expanding collection of sensitive medical data beyond the initial request. In context, this is especially risky because the data may be disclosed to an external API without clear consent boundaries, purpose limitation, or minimization controls.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal