Protocol Deviation Classifier

Security checks across malware telemetry and agentic risk

Overview

This is a local clinical-trial deviation classifier whose file-based inputs and outputs are disclosed, but its results should be treated as decision support only, not as a final classification.

Before installing, review the Python script and avoid putting unnecessary patient, subject, or site identifiers into input files. Use outputs as recommendations for qualified clinical QA or regulatory staff to review, and update downstream workflows to handle Major, Minor, and Critical classifications.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 91%
Finding:
The skill declares no explicit permissions while its documented behavior includes reading input files and writing output reports. This creates a transparency and governance gap: a caller or platform may authorize or invoke the skill without understanding that it can access the filesystem, increasing the risk of unintended data exposure or writes in a regulated clinical environment.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 87%
Finding:
The documented purpose says the skill determines whether a deviation is major or minor, but the behavior reportedly includes a third classification category, aggregate reporting, and interactive/demo modes. In a GxP/regulatory workflow, such undocumented behavior can mislead users, bypass expected review boundaries, and produce outputs or operational modes that were never risk-assessed or approved.

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding:
The skill contract says it determines whether an incident is a 'major deviation' or 'minor deviation', but the implementation introduces a third 'critical' class and corresponding reporting/actions. In a regulated clinical-trial workflow, this semantic mismatch can misroute incidents, break downstream automations that expect a binary output, and create inconsistent regulatory documentation or escalation handling.

Vague Triggers

Severity: Medium
Confidence: 80%
Finding:
The activation trigger is broad enough that the skill could be invoked for loosely related requests without clear scoping or user confirmation. In this context, that can lead to overuse of an automated classifier for sensitive clinical decisions, causing inappropriate classification or reliance on tool output where manual QA review should occur.

VirusTotal

63 of 63 vendors reported this skill as clean; no vendor flagged it.
