ClawHub

Gut

Security checks across malware telemetry and agentic risk

Overview

This is a text-only digestive-health education skill with clean scanner telemetry, but users should treat its diet and symptom guidance as informational rather than medical care.

Install only if you want general book-based digestive-health education. Do not use it to diagnose symptoms, replace prescribed medication, or manage persistent, severe, worsening, or alarming symptoms; consult a clinician for blood or black stool, severe pain, dehydration, fever, weight loss, chronic diarrhea, pregnancy, children, older adults, or immune compromise.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The philosophy section presents sweeping medical claims such as 'most digestive problems are caused by what we eat' and advises trying diet changes before medication. In a health skill, categorical statements like these can mislead users into delaying appropriate care or overgeneralizing from book-derived advice to personal medical decisions.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The invocation example recommends a quasi-therapeutic protocol (low-FODMAP elimination, breathing exercises, sleep changes) and states that improvement comes 'not from medication,' which may discourage medically indicated treatment. Because the skill is framed as book-based guidance rather than clinical care, this crosses into personalized health advice without safeguards.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger list is very broad, including generic phrases like 'gut,' 'digestive system,' 'probiotics,' and even onboarding-style cues such as a user not knowing how to start. This raises the chance the skill activates in ordinary conversations and injects health guidance where the user did not explicitly request this specialized content.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill provides health-related explanations and practical recommendations but does not warn users that it is informational and not a substitute for professional medical advice. In this context, the lack of a disclaimer increases the risk that users treat book summaries as diagnosis or treatment guidance.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The file gives actionable self-treatment advice for diarrhea and restrictive elimination diets without a clear warning about red-flag symptoms or when to seek professional care. In a consumer health skill, users may rely on this guidance instead of getting evaluation for dehydration, GI bleeding, severe pain, persistent symptoms, or medically significant food intolerances, increasing the risk of delayed care or unsafe dietary restriction.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The scenario recommends a low-FODMAP elimination diet for 2-4 weeks and systematic food reintroduction without a clear user-facing warning to consult a clinician or dietitian first. Restrictive diets can worsen nutritional adequacy, mask more serious causes of bloating, or delay diagnosis if users self-manage persistent symptoms based on this content alone.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The stool-color guidance identifies red stool as blood and black stool as upper GI bleeding, but it does not clearly instruct users to seek urgent medical evaluation. In a health-oriented skill, users may rely on the content for triage; ambiguous phrasing can delay care for potentially serious bleeding or other acute conditions.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal