Hospital Visit Prep

Security checks across malware telemetry and agentic risk

Overview

This text-only hospital-prep skill has no malware-like behavior, but it needs review because one pediatric fever example conflicts with its stated no-medication-advice boundary.

Review the medical-safety wording before installing. The skill is text-only and does not appear to access files, credentials, or the network, but users should not rely on it for diagnosis, emergency decisions, or medication choices, especially for children; medication examples should be removed or tightened before broad use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The 'What This Skill Does NOT Do' section explicitly says the skill does not provide emergency first aid, disease diagnosis, or prescribe medication. However, later sample outputs include home-care instructions such as tepid sponge baths and recommend ibuprofen or acetaminophen for a febrile child, which are treatment and medication directions that contradict the stated non-capabilities.

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The file says that if any red-flag emergency symptom matches, the skill must immediately stop all other processing and output only the emergency warning. But Sample 5 continues with urgency classification, home care, department recommendation, checklist, and script after an emergency-oriented safety check, weakening the stated stop-on-emergency behavior and creating conflicting intent guidance.

Natural-Language Policy Violations

Medium
Confidence
93% confidence
Finding
The file declares support for both English and zh-CN at L009, and includes English scenarios, but L084 requires every response to end with a fixed disclaimer block whose content is almost entirely Chinese. This imposes a locale choice on users without offering an English version or opt-in, which is a natural-language locale policy issue.

Hidden Instructions

High
Category
Prompt Injection
Content
to the Chinese healthcare system. One-stop generation of end-to-end hospital-visit navigation: department matching, item checklists, medical-insurance navigation, and consultation scripts. (Original: 就医全流程导航,科室匹配、物品清单、医保导航、问诊话术一站式生成。)
---

<!-- ============================================================
     HOSPITAL VISIT PREP SKILL
     Chinese Healthcare System — Hospital Visit Preparation Engine
     ============================================================ -->
Confidence
70% confidence

VirusTotal

56/56 vendors flagged this skill as clean.

View on VirusTotal