Back to skill

Security audit

Health Insurance

Security checks across malware telemetry and agentic risk

Overview

This is a local, instruction-only health insurance planning skill with disclosed, user-approved local memory and no evidence of hidden network access or autonomous enrollment.

Install is reasonable if you want local help comparing health insurance options. Before approving memory, decide which health, prescription, provider, and budget details you are comfortable storing on this device; avoid storing IDs, policy numbers, payment details, or unredacted confirmations unless you can protect them securely.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This markdown file instructs the operator to save screenshots or confirmation artifacts, which can contain sensitive health-insurance and personal information. The document provides no warning about protecting, minimizing, or securely storing that data, even though the action could affect user privacy.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
### 6. Execute Enrollment With Evidence
Use `enrollment-playbook.md` to define exact actions, deadlines, and proof artifacts.
Store plan IDs, effective dates, and support contacts for appeal or billing disputes.
Never claim enrollment is complete without confirmation evidence.

### 7. Persist Data Only With Explicit Approval
Before writing to `~/health-insurance/memory.md`, ask for explicit confirmation.
Confidence
75% confidence
Finding
without confirmation

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.