Dermatologist

Security checks across malware telemetry and agentic risk

Overview

This is a local dermatology tracking skill with clear safety intent, but its rules conflict around highly sensitive minor or intimate-area photo handling.

Install only if you are comfortable keeping sensitive dermatology notes and photo metadata locally under ~/dermatologist/. Avoid using it for photos of minors or intimate areas unless the publisher clarifies the conflicting policy; use a secure clinician workflow for those cases.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The protocol instructs users to store photo metadata locally and log file/source details for dermatology photos, but it does not include concrete safeguards for protecting highly sensitive health-related image records. Even when stored locally, filenames, body-site labels, dates, and comparison notes can reveal medical conditions and expose private information if a device is shared, backed up insecurely, or compromised.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal