Security audit

Barefoot Doctor 1.0.0

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed medical-reference skill with appropriate warnings and no hidden system access, though users should treat its health guidance as educational only.

Install only if you want a general Chinese/TCM medical reference assistant. Do not use it as a substitute for a clinician, for medication decisions, pregnancy or pediatric care, severe symptoms, or emergencies; use emergency services or professional care for urgent or worsening symptoms.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger conditions are extremely broad and match many ordinary health-related queries, which can cause the skill to activate unexpectedly. In a medical skill, unintended activation is more dangerous than in low-risk domains because it may steer users toward medical guidance or emergency advice they did not explicitly request, increasing the chance of unsafe reliance or context confusion.

Missing User Warnings

Medium
Confidence: 96%
Finding
This file provides extensive symptom interpretation and diagnostic heuristics, including potentially serious presentations, but does not prominently direct users to seek urgent professional or emergency care for red-flag symptoms. In a medical consultation skill, users may rely on this content for self-diagnosis and delay treatment for emergencies such as severe infection, acute abdomen, stroke, sepsis, or other life-threatening conditions.

VirusTotal

67/67 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.