Back to skill

Security audit

YouYou 佑佑

Security checks across malware telemetry and agentic risk

Overview

This skill is not malicious, but it should be reviewed because it handles sensitive health records while giving clinical-style medication, pediatric, emergency, and specialist guidance that conflicts with its stated limits.

Install only if you want a broad local health-record assistant and are comfortable reviewing its outputs carefully. Do not treat its specialist, child-care, medication, emergency, fertility, mental-health, or risk predictions as medical advice; verify medication doses, urgent symptoms, and treatment decisions with licensed clinicians or emergency services. Also confirm how your OpenClaw/agent runtime handles AI prompts and local files before entering sensitive health data, because the skill's local-only privacy claims are not technically proven by the markdown artifacts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (134)

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The skill claims it only organizes health data, but elsewhere advertises 'multi-specialty consultation' features. In a health context, this can mislead users and platform policy enforcement into treating clinical-style analysis as simple recordkeeping, increasing the risk of inappropriate reliance on medically suggestive outputs.

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
Documenting clinical-style consultation while disclaiming that the skill only organizes data creates inconsistent safety boundaries. In a sensitive medical setting, users may overtrust specialty-branded analysis, which can influence health decisions despite the disclaimer that no diagnosis is provided.

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The skill makes strong privacy assurances that all health data stays local and is never uploaded, yet it exposes AI analysis/chat features without explaining whether the model runs locally or calls a remote service. In a health-data context, this is dangerous because users may disclose sensitive medical information under false assumptions, leading to privacy violations or regulatory noncompliance if backend AI services transmit data externally.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The file states that the system should not recommend intervention training plans, yet the delay example provides specific behavior-changing recommendations such as increasing prone time and language stimulation. In a pediatric health context, contradictory guidance can cause users to treat the tool as a clinical decision aid and follow unvalidated interventions instead of seeking qualified medical evaluation.

Intent-Code Divergence

Low
Confidence
80% confidence
Finding
The document claims that data is saved locally and not uploaded to the cloud, but this file is only a specification and provides no implementation evidence for that privacy guarantee. In a skill handling child health and developmental data, unsupported privacy assurances can mislead users into disclosing sensitive information under false assumptions about storage and transmission.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The file claims it will not perform diagnosis, but earlier sections instruct the system to map user symptoms to named illnesses such as pneumonia, gastroenteritis, and upper respiratory infection, then present those labels in saved reports. In a pediatric health context, that contradiction can mislead caregivers into treating a system-generated classification as medical judgment and delay proper evaluation.

Intent-Code Divergence

Medium
Confidence
82% confidence
Finding
The safety section says the system does not recommend specific drugs, yet the document repeatedly names antipyretics such as ibuprofen and acetaminophen and gives usage guidance. Even if these are generic drug names rather than brands, the practical effect is still medication recommendation to caregivers, which is risky for children when age, weight, contraindications, or co-administered medicines may be unknown.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The document states it does not prescribe, but then provides near-prescriptive pediatric dosing thresholds, mg/kg ranges, dosing intervals, and maximum daily frequency for fever medicines. In a child-care setting, these instructions can be acted on directly despite missing clinical factors like exact weight, age under threshold, dehydration, liver/kidney disease, duplicate ingredients, or prior dosing, creating a real risk of medication error or delayed urgent care.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The skill materially expands from general health data management into pediatric mental-health screening, symptom interpretation, and quasi-clinical guidance for anxiety, behavior, and ADHD. In a child-health context, this creates elevated safety and liability risk because users may rely on non-clinician screening outputs for sensitive psychiatric concerns, potentially delaying appropriate professional evaluation or mishandling serious symptoms.

Intent-Code Divergence

Medium
Confidence
84% confidence
Finding
The document states the system does not handle crisis situations, yet later includes crisis indicators and emergency directions. This contradiction can confuse operators and users about the system’s responsibility boundaries, increasing the chance that urgent cases are partially engaged by the tool instead of being immediately redirected to qualified emergency resources.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The command materially expands the skill from personal health data management into pediatric injury prevention, safety assessment, and emergency guidance. This scope drift is dangerous because it introduces high-risk decision support and quasi-safety functions that users may rely on despite the skill not being declared, reviewed, or constrained for that purpose.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The emergency section provides actionable first-aid instructions such as choking response, fever handling, poisoning, electrocution, and CPR-adjacent guidance, which can directly influence behavior during emergencies. In a skill whose stated purpose is health data management, these instructions are insufficiently justified and may be incomplete, jurisdiction-specific, age-specific, or unsafe if followed without proper safeguards.

Intent-Code Divergence

Low
Confidence
83% confidence
Finding
The document makes a privacy/security assurance that data is only stored locally and not uploaded, but this file contains only prose and no technical enforcement. In a health-data context involving children's sensitive sleep and profile information, an unenforced storage/transmission claim can mislead users into sharing sensitive data under false assumptions.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The command explicitly states it does not diagnose cognitive impairment or dementia, but later operational logic interprets MMSE/MoCA scores into labels such as mild, moderate, and severe cognitive impairment. In a health-management skill handling vulnerable older adults, this contradiction can cause the agent to present screening output as a quasi-diagnosis, creating a real risk of unsafe medical inference, delayed care, or inappropriate reassurance.

Intent-Code Divergence

Medium
Confidence
89% confidence
Finding
The file states it will not directly recommend prescription drugs or specific medications, but later provides treatment suggestions by GOLD group such as LAMA/LABA/ICS combinations. In a health-management skill, this can be interpreted by users as actionable treatment guidance without clinician review, creating risk of inappropriate self-medication or delayed professional care.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The document says it does not provide dosage adjustment advice, yet later gives a concrete acute exacerbation steroid regimen of prednisone 40mg/day for 5 days. In a COPD management context, specific dosing for systemic steroids is actionable medical advice and could cause unsafe self-treatment, contraindication-related harm, or delay urgent evaluation.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The command goes beyond passive health-data management and provides fertility timing, conception probability, and behavioral advice for trying to conceive. In a health skill handling intimate reproductive data, this creates a safety risk because users may rely on simplistic predictions and pseudo-quantified chances as medical guidance despite limited validation and no clinician oversight.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The analysis section generates personalized symptom-management and medication-preparation recommendations from tracked menstrual data, which exceeds simple recordkeeping and enters individualized health advice. Because the advice is derived from limited self-reported data and presented as actionable guidance, it may delay care or normalize symptoms that warrant professional evaluation.

Intent-Code Divergence

Low
Confidence
79% confidence
Finding
The file mandates that important outputs include a medical disclaimer, but multiple example outputs omit it, creating an inconsistency likely to propagate into implementation. In a reproductive-health workflow, missing disclaimers increase the chance users interpret predictions and recommendations as authoritative medical advice.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The file states it will not provide specific medication dosage adjustment advice, yet later includes concrete emergency self-treatment instructions for hypoglycemia such as ingesting 15g fast-acting carbohydrates and specific examples like juice or honey. In a health-management skill, this creates a safety-boundary mismatch: users may overtrust the system as medically authoritative, and the advice could be inappropriate for severe hypoglycemia, pediatric patients, or users with comorbidities.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The command extends from logging eye-health data into active ophthalmic medication management, including examples with prescription drugs such as atropine eye drops. In a health-management skill, this materially increases the risk that users interpret the system as endorsing treatment decisions, creating unsafe self-medication or inappropriate medication-tracking workflows without clinician validation.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The safety statement says the system does not recommend prescription drugs, yet later documentation includes adding prescription ophthalmic drugs and cites a prescription-use example. This contradiction weakens user trust boundaries and can cause the model or operator to cross from record-keeping into perceived medical guidance, especially in a domain involving regulated medications and vision-related harm.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
Although framed as monitoring, the command promises outputs like disease-stage-style screening status, comprehensive health scoring, progression-speed assessment, and warning-signal evaluation. In the medical context, these outputs can resemble diagnostic triage or clinical assessment, encouraging users to rely on system-generated interpretations rather than professional examination.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The file explicitly states the system does not provide specific exercise prescriptions, yet it exposes '/fitness prescription' commands and labels outputs as exercise prescriptions. In a health-management skill, this contradiction can mislead users into treating generated guidance as personalized medical-grade advice, increasing the risk of unsafe exercise recommendations or delayed professional care.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The safety section says the system does not assess cardiovascular risk, but the interface offers condition-specific exercise recommendations for hypertension and diabetes. Because these conditions materially affect exercise safety, presenting tailored advice without risk assessment can cause users to follow inappropriate activity levels and creates a dangerous mismatch between claimed limitations and actual functionality.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal