Macau Clinic AI System

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable planning skill for Macau clinic AI systems, but real healthcare use needs privacy, consent, and compliance review.

Safe to install as a planning/reference skill. Do not use it with real patient information or live clinic systems unless the deployment has patient consent where required, data minimization, encryption, access control, audit logs, retention limits, vendor/security review, Macau legal review, and clinician approval before AI-generated records or codes are saved.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium, 88% confidence
Finding
The skill description includes many broad trigger phrases such as general references to clinic AI, medical systems, and Macau healthcare, which can cause unintended invocation in unrelated conversations. In a healthcare-oriented skill, accidental activation is more dangerous because it may steer users into discussing sensitive medical operations or data workflows without appropriate caution, privacy framing, or scope limits.

Missing User Warnings

High, 95% confidence
Finding
The skill proposes AI medical records, appointment automation, and integrations with WhatsApp, WeChat, eHR, and cloud/local deployment, but provides no warnings about handling protected health information, consent, retention, cross-border transfer, vendor risk, or regulatory compliance. In a medical context this omission is especially serious, because users may implement workflows involving highly sensitive patient data through third-party services without understanding privacy, security, and legal obligations.

VirusTotal

66/66 vendors flagged this skill as clean.
