Health Checkup Report

Security checks across malware telemetry and agentic risk

Overview

This health-oriented skill appears non-malicious, but its medical guidance should be reviewed because it may give diagnosis-like or treatment-like advice despite saying it is informational only.

Install only if you want an informational health assistant and will treat its output as discussion prompts for a licensed clinician, not as diagnosis, treatment, or supplement instructions. Do not use it for urgent symptoms or serious abnormal lab results.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Description-Behavior Mismatch

Medium

Confidence: 92% confidence
Finding: The skill states it is non-diagnostic, but multiple examples cross into diagnostic language and concrete treatment advice, such as asserting likely diseases and recommending therapies. In a health context, this can cause users to rely on the model as a medical authority, creating risk of inappropriate self-treatment, delayed care, or false reassurance despite the disclaimer.

Intent-Code Divergence

Medium

Confidence: 90% confidence
Finding: The safety section says the skill is informational only, but later examples present confident diagnostic interpretations that undercut that safeguard. This inconsistency is dangerous because users are more likely to trust the detailed examples over the abstract disclaimer, especially for potentially serious lab findings.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal