TCM Diagnosis

Security checks across malware telemetry and agentic risk

Overview

This is a coherent TCM health-advice skill, but it uses broad or always-on medical activation and describes persistent health-consultation memory without clear user consent or deletion controls.

Review before installing if you may discuss personal health. Treat all diagnosis, formula, and dietary suggestions as educational only, avoid sharing sensitive health details unless you accept possible persistent memory, and seek licensed medical care for symptoms, medication decisions, pregnancy, children, chronic illness, worsening symptoms, or emergencies.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (13)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrase "养生" is broad and likely to appear in ordinary conversation, which can cause accidental activation of the skill outside a clear medical-help context. In a health-related assistant, unintended activation is more concerning because it may elicit quasi-medical guidance when the user did not explicitly request diagnosis or advice.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger phrase "体质" is highly generic and can be used in many non-activation contexts, making unintended invocation plausible. Because this skill performs health assessment functions, accidental triggering could start collection of sensitive health information or produce health guidance without sufficiently clear user intent.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger phrase "看病" is broad and likely to appear in ordinary conversation, which can cause the medical skill to activate unintentionally. In a health-related skill, accidental activation is more concerning because it may elicit symptom collection or produce quasi-diagnostic guidance in contexts where the user did not explicitly request medical-style assistance.

Vague Triggers

Medium
Confidence
93% confidence
Finding
Single-word triggers like "体质", "食疗", and "养生" are highly ambiguous and may be used in general discussion unrelated to invoking this skill. Because the skill provides health and treatment-adjacent recommendations, unintended activation can misroute conversation into medical guidance without sufficient user intent or context.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This identity file presents the agent as a diagnosis assistant that performs syndrome differentiation, recommends formulas, and gives acupoint and dietary guidance, but its safety boundary is not strong enough for high-risk symptoms. Although it says it cannot replace an in-person doctor and does not handle emergencies, it does not explicitly instruct users with serious, worsening, or unclear symptoms to seek licensed medical care promptly, which can lead to delayed treatment or unsafe self-management.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrase "养生" is broad and likely to appear in ordinary health-related conversation, which can activate the skill unintentionally. In a health-advice context, accidental activation can cause the agent to switch into a specialized response mode without clear user intent, increasing the chance of confusing or overreaching medical-style guidance.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger phrase "看病" is very broad and likely to match many ordinary user requests for medical help, causing the skill to activate in situations where the user did not explicitly request this specific capability. In a medical context, unintended activation is more dangerous because it can steer users into diagnostic or treatment flows and produce health-related guidance without clear consent or sufficient triage.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The downstream skills are configured to run "automatically" after prior steps, but the conditions are not precisely defined, making routing behavior unpredictable and easy to trigger accidentally. In this medical skill, ambiguous auto-chaining is especially risky because it can move from intake to syndrome analysis and formula recommendation without explicit user consent, adequate validation, or safety checks, increasing the chance of unsafe health advice.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The usage section defines extremely generic trigger phrases such as “看病”, “体质”, and “食疗”, which can easily appear in ordinary conversation and unintentionally activate the skill. In a medical-adjacent agent, accidental routing is more dangerous because users may receive quasi-diagnostic guidance without clearly intending to invoke the tool, increasing the chance of inappropriate health advice or missed escalation.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger phrases for the diagnosis agent include very common terms such as "看病" and "问诊", plus a catch-all condition of users merely describing symptoms. In a medical skill, overly broad routing can cause the agent to engage diagnostic or quasi-medical workflows unexpectedly, increasing the chance of unsolicited medical guidance, privacy-sensitive health data collection, or unsafe escalation into treatment recommendations.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The wellness agent is triggered by broad everyday terms like "养生" and "保健", which may appear in casual conversation without a clear request for structured health guidance. In this healthcare context, vague activation can lead to unintended health advice, collection of medical-context information, or interaction with users who should instead be redirected to professional care or emergency services.

Vague Triggers

High
Confidence
94% confidence
Finding
The role is configured as 'always active', which removes any scope boundary and allows this medical persona to influence all interactions regardless of user intent or task relevance. In a health-related skill, this is especially risky because it can cause unsolicited medical framing, suppress safer routing to general or emergency guidance, and create persistent instruction precedence that is difficult to override.

Vague Triggers

Medium
Confidence
89% confidence
Finding
Repeating that the role is 'always active' reinforces an unbounded trigger model and increases the chance that downstream orchestration treats the persona as globally authoritative. In this file's medical context, that persistence raises the likelihood of inappropriate medical-style responses in unrelated or high-risk situations, even though the file also contains some safety disclaimers.

VirusTotal

63/63 vendors flagged this skill as clean.
