ClawHub

Fragile Lives

Security checks across malware telemetry and agentic risk

Overview

This text-only memoir skill has no malware-like behavior, but it needs review because it gives under-scoped medical advice that normalizes bypassing protocols, consent, and legal safeguards.

Review this carefully before installing. It is not showing signs of malware, but it may steer general medical conversations toward dramatic, protocol-breaking surgical lessons. It should be treated as memoir commentary only, not as medical, legal, emergency, ethics, or professional practice guidance.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger list is broad enough to match common medical and surgery-related phrases, which can cause the skill to activate when the user did not specifically request this memoir-oriented content. Unintended invocation can hijack conversations, inject irrelevant guidance, and reduce user control over when specialized content is introduced.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The instruction to activate when a user 'doesn't know how to start' is ambiguous and not reliably measurable from user input. That ambiguity can lead the agent to infer intent too aggressively and present the skill in contexts where the user did not ask for it, creating prompt injection-like overreach in routing behavior.

Missing User Warnings

Low
Confidence
81% confidence
Finding
The skill mandates proactive presentation of a full Quick Start on first load, but the description does not clearly warn users that this auto-presentation behavior will occur. This weakens transparency and informed consent, making unexpected output more likely and increasing confusion when the skill appears unprompted.

Missing User Warnings

High
Confidence
97% confidence
Finding
This content explicitly encourages clinicians to prioritize breaking protocol, acting without established approval, and proceeding with high-risk interventions without any surrounding safety framing, legal context, or warning that such decisions must remain within licensed emergency practice and institutional governance. In a skill positioned as a practical 'playbook,' this can normalize unsafe medical decision-making and be misused as justification for bypassing safeguards in real patient care.

Natural-Language Policy Violations

Critical
Confidence
99% confidence
Finding
The document goes beyond describing controversial cases and affirmatively endorses bypassing legal and ethical safeguards, including ethics committee skepticism and operating without consent, culminating in the statement that 'the ethical thing to do is the legally questionable thing.' That is dangerous because it provides natural-language justification for overriding consent and governance mechanisms in a medical context where such safeguards exist to prevent patient harm, abuse, and unlawful experimentation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal