Back to skill

Security audit

UAE clinic-compliance

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only UAE clinic compliance skill; its sensitive incident-report templates need careful handling but do not show hidden, automatic, or malicious behavior.

Install only if you need UAE clinic compliance guidance. Treat generated incident reports as sensitive healthcare material: use internal case IDs where possible, include full patient identifiers only when required by policy or regulator portals, restrict access to authorized staff, and share only through approved secure systems.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The incident report template explicitly asks for patient name and Emirates ID but does not instruct the user to apply minimum-necessary disclosure, access controls, or redaction when identifiers are not required. In a compliance skill, this can normalize over-collection and broad sharing of sensitive health data during incident handling, increasing privacy and regulatory exposure if copied into emails, shared documents, or unsecured logs.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.