Salubrista HaH

Security checks across malware telemetry and agentic risk

Overview

The healthcare analysis skill is mostly coherent, but it embeds an authenticated inter-agent webhook token and instructions that could forward sensitive case context outside the skill.

Review before installing. The domain content appears useful and aligned with hospital-at-home analysis, but the publisher should remove and rotate the embedded bearer token, disable or tightly document inter-agent delegation, require explicit user consent before sending case context externally, and align the declared runtime capabilities with the tool instructions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Severity: High | Confidence: 97%
Finding:
The tool guide grants this healthcare analysis skill a general cross-agent webhook invocation path that is not necessary for its stated purpose of hospitalization and hospital-at-home analysis. This expands the trust boundary to arbitrary networked agent gateways and can be used to exfiltrate user or case data, trigger unintended downstream actions, or bypass domain restrictions through delegation.

Context-Inappropriate Capability

Severity: Critical | Confidence: 99%
Finding:
A hardcoded bearer token is embedded directly in the skill instructions for outbound webhook calls, giving anyone with access to the skill definition reusable authenticated network access. In a medical workflow context, this is especially dangerous because the token can enable unauthorized forwarding of sensitive case details to external agents or services without proper oversight.

Context-Inappropriate Capability

Severity: Medium | Confidence: 90%
Finding:
The documented ability to write into a shared per-agent directory is broader than needed for a read-heavy analysis skill and creates a persistence/exfiltration staging surface. An agent could store sensitive hospital or patient-related artifacts for later pickup by operators or other agents if cross-visibility is enabled, increasing data handling risk beyond the declared function.

Natural-Language Policy Violations

Severity: Medium | Confidence: 87%
Finding:
The identity explicitly frames the agent as a Spanish-speaking persona without indicating that language should follow the user's preference. This can override user choice, reduce accessibility for non-Spanish speakers, and create misleading or exclusionary behavior in downstream interactions, though it is not a direct code-execution or data-exfiltration risk.

Missing User Warnings

Severity: High | Confidence: 98%
Finding:
The skill exposes a hardcoded bearer token without any user-facing warning, meaning authenticated outbound communication could occur invisibly to the user. This undermines informed consent and materially increases the chance that sensitive healthcare context is transmitted to another system without the user's knowledge.

Missing User Warnings

Severity: Medium | Confidence: 95%
Finding:
The instructions tell the agent to send case context to other agent gateways but provide no privacy warning or consent mechanism. In the context of hospitalization and continuity-of-care analysis, such case context may include sensitive operational or health-related information, so undisclosed forwarding materially increases confidentiality and compliance risk.

Vague Triggers

Severity: Medium | Confidence: 92%
Finding:
The skill purpose and procedure are framed broadly around analysis, evaluation, audit, and normative guidance, but they do not define concrete activation triggers, refusal boundaries, or exclusion conditions. In an agentic system this can cause over-invocation or misrouting, leading the model to apply this skill to loosely related healthcare questions and produce authoritative-sounding audit or compliance output outside the intended scope.

VirusTotal

60/60 vendors flagged this skill as clean.