ClawHub

Medical Briefs

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only medical research briefing skill with no code, credentials, or hidden system access, though users should treat its medical summaries as research aids rather than advice.

Install only if you want research-style medical briefings. Verify linked articles and clinical impact labels before relying on them, avoid using the output for patient-specific decisions by itself, and keep any repeat-avoidance history limited to article links or identifiers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The skill is triggered by very broad phrases such as requests for medical news, research updates, and specialty-specific updates, which can overlap with common user queries and cause the skill to activate in situations the user may not have intended. In a medical context, over-broad routing is more dangerous because it can steer users into clinician-oriented summaries without clear qualification, increasing the risk of misapplied or misunderstood medical information.

Natural-Language Policy Violations

Low
Confidence
88% confidence
Finding
The skill explicitly frames outputs as clinician-focused but does not enforce that audience restriction or present it as a clear opt-in requirement. This is risky because non-clinician users may receive dense, research-oriented medical summaries or practice-oriented framing without appropriate context, disclaimers, or redirection, which is especially sensitive in healthcare settings.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal