神經科病歷助手

Security checks across malware telemetry and agentic risk

Overview

This is a simple neurology note-structuring skill, but users should handle patient records carefully and have a qualified clinician review any medical suggestions.

Install only if you are authorized to process the medical text you provide. De-identify patient records where possible, use an approved privacy environment, and treat diagnosis or treatment suggestions as drafting support that must be reviewed by a qualified clinician before clinical use.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill is explicitly designed to process outpatient medical records, which are highly sensitive personal and health data, but it provides no warning about privacy, consent, retention, or de-identification requirements. In a medical context, this omission materially increases the risk that users will paste protected health information into an AI workflow without appropriate safeguards, creating confidentiality, compliance, and patient-safety exposure.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal