Xiaoxiang TCM Constitution Identification (小象中医体质辨识)

Security checks across malware telemetry and agentic risk

Overview

This skill is not malicious, but it should be reviewed because it asks sensitive health questions and gives personalized food/TCM recommendations without clear medical-safety limits.

Install only if you want a TCM-style wellness questionnaire, not a medical tool. Avoid sharing unnecessary sensitive health information, and do not rely on its recommendations for diagnosis, treatment, medication decisions, pregnancy concerns, chronic illness, allergies, or severe or persistent symptoms; consult a qualified clinician in those cases.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium (89% confidence)
Finding
The trigger condition is broad enough to overlap with generic health, wellness, and diet conversations, which can cause the skill to activate outside its intended scope. In a health-related skill, unintended activation is risky because it may steer users into a rigid diagnostic flow and produce quasi-medical recommendations without sufficient context or consent.

Missing User Warnings

Medium (95% confidence)
Finding
The skill performs health-status assessment, constitution identification, and dietary recommendation but does not tell users that the output is informational rather than medical advice, nor does it direct users to clinicians for concerning symptoms. This is dangerous because users may over-trust the assessment, delay appropriate care, or rely on food suggestions in situations that require professional evaluation.

Missing User Warnings

Medium (95% confidence)
Finding
The file provides symptom- and constitution-based recommendations for medicinal-food items that could influence user health decisions, yet it contains no safety disclaimer, scope limitation, or advice to seek qualified medical care. In the context of a health-related skill using traditional medicine concepts and recommending ingestible items with contraindications, omission of warnings increases the risk of inappropriate self-treatment, delayed care, or use despite adverse conditions.

VirusTotal

66/66 vendors flagged this skill as clean.
