Doctor Workbench Assistant (Agentic AI Research Platform)

Security checks across malware telemetry and agentic risk

Overview

This skill is a narrow doctor-workbench helper that reads one local demo patient file and posts generic progress updates to a local service.

Install this only where the localhost reporting endpoint is expected and the referenced demo patient JSON is authorized for use. Treat any patient-related output as sensitive, verify that no real patient identifiers are exposed unintentionally, and have a clinician review generated follow-up tasks before acting on them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill explicitly posts workflow status to a local HTTP endpoint without informing the user or documenting what data may be transmitted. Even though the payload shown is status metadata rather than patient content, this is a healthcare-context skill and silent network reporting around patient-processing activity creates privacy, audit, and trust risks, especially if the local service logs, forwards, or correlates requests with patient sessions.

VirusTotal

61/61 vendors flagged this skill as clean.
