Security audit

Urgent Appointment Scramble Board

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a document-only appointment tracker, but its examples include unsafe healthcare access advice and expand into portal monitoring and sensitive medical-document handling without adequate safeguards.

Install only after reviewing the examples carefully. The manual call-log board is reasonable, but the skill should be revised to remove scalper/broker suggestions and either remove portal monitoring and medical-document packet assembly or define explicit consent, credential, PHI, storage, retention, and official-channel limits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The README explicitly recommends '黄牛渠道(300-1000元,有风险但管用)', i.e. scalper/black-market channels, as an effective option. That steers users toward unauthorized or illegal appointment acquisition, creating legal, fraud, and patient-safety risks that are outside the stated purpose of a legitimate appointment-tracking skill.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The scenario says the skill will monitor patient portals and send alerts, which expands behavior beyond the documented logistics-only/manual-tracking scope. Scope contradictions are dangerous because downstream agents or users may rely on unauthorized automation or implied access to external systems, increasing privacy, compliance, and unsafe-action risks.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
This scenario claims the skill will assemble a single PDF containing insurance-card images and medical records, contradicting the stated logistics-only role. That introduces sensitive health and identity-document handling without any stated consent, minimization, storage, or transmission safeguards, creating privacy and security exposure.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The example explicitly recommends using scalper/broker channels ('黄牛渠道') to obtain hospital appointments. This is dangerous because it normalizes potentially illicit intermediaries, exposing users to fraud, bribery, privacy theft, and violations of hospital rules or local law.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill advertises monitoring patient portals and sending booking alerts without explaining how credentials, session data, health information, or consent are handled. In a healthcare context, portal monitoring can implicate sensitive personal and medical data, so omitting privacy and access safeguards materially increases the risk of misuse or unsafe deployment.

Natural-Language Policy Violations

High
Confidence
97% confidence
Finding
The Chinese example presents scalping channels as a practical method 'with risk but effective,' without a clear prohibition. That normalizes unauthorized appointment access and may encourage users to bypass legitimate systems, exposing them to scams, legal consequences, and unfair access to care.

Natural-Language Policy Violations

High
Confidence
97% confidence
Finding
The example guidance to use scalper/broker channels directly conflicts with the skill's safety boundaries and acceptable-use posture. A contradiction inside the skill is especially dangerous because examples are often copied verbatim, making harmful behavior appear endorsed and operationally recommended.

Ssd 2

Medium
Confidence
94% confidence
Finding
The culturally specific wording around '捡漏/加号' culminates in advice pointing to unauthorized scalper access, which can subtly steer users toward illicit behavior even without explicit exploit terminology. In a healthcare access tool, this is especially dangerous because users may be under stress and more likely to follow risky instructions involving fraud or unsafe intermediaries.

Ssd 4

Medium
Confidence
96% confidence
Finding
The narrative treats illicit scalper channels as a practical fallback, which can legitimize unlawful or exploitative conduct in a healthcare-adjacent context. In this skill context, that is more dangerous because users are under urgency and may be more likely to follow unsafe recommendations involving money, personal details, or black-market access.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.