Security audit

Redcap Crf Generator

Security checks across malware telemetry and agentic risk

Overview

This skill mostly performs local REDCap CSV generation, but its instructions also add sharing of clinically derived CSV files through Feishu without clear consent, recipient, or privacy controls.

Review this skill before installing in any clinical or regulated setting. Use it only with de-identified test documents unless you can control where outputs go, avoid or explicitly approve any Feishu sharing, and manually validate the generated REDCap CSV before importing it into a study.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium (86% confidence)
The documented workflow adds Feishu file delivery even though the skill is presented as a local document-to-CSV converter, introducing an undocumented external data transfer path. Because CRF and protocol-derived CSVs may contain sensitive clinical or subject-related information, this creates a meaningful risk of unintended disclosure or compliance violations.

Context-Inappropriate Capability

Medium (88% confidence)
Transmitting generated CSV files via Feishu is not necessary for the stated core function and introduces an unnecessary third-party sharing channel. In the context of REDCap data-dictionary generation for clinical documents, even derived outputs can embed identifiers, study metadata, or sensitive schema details, making unjustified exfiltration more dangerous.

Missing User Warnings

Medium (93% confidence)
The skill describes sending generated CSVs through Feishu without a user-facing warning or consent flow about data sharing. Given the medical context, uploaded source documents and resulting data dictionaries may involve regulated health-related information, so silent transmission to an external platform materially increases privacy and compliance risk.

VirusTotal

45/45 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.