Security audit

Insurance Claims Intelligence

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed insurance-claims advisory template package with sensitive decision-support examples, but it does not install hidden automation or executable claim-processing behavior.

Install only for drafting and review support. Treat denials, payout amounts, fraud labels, OCR outputs, and customer notices as drafts, and do not operationalize the sample code without privacy, security, compliance, audit, and licensed human-approval controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
95% confidence
Finding
The document claims it lacks automated claim decision capability, yet the included reference functions return concrete outputs such as pass/fail, REJECT/DEFER actions, and payout suggestions. In a claims-handling context, users may directly operationalize this code despite the disclaimer, creating de facto automated adjudication that can cause unfair denials, regulatory violations, and unsafe reliance on unvalidated logic.

Intent-Code Divergence

Medium
96% confidence
Finding
The 'no automatic approval' statement is undermined by code that deterministically computes eligibility outcomes, rejection suggestions, and payout calculations. In insurance, this mismatch is dangerous because it can mislead adopters into thinking the artifact is safe for advisory use while still enabling automated decision-making on sensitive financial and health-related claims.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.