CareMax Records

Security checks across malware telemetry and agentic risk

Overview

This medical-record skill is purpose-aligned, but it needs review because it can process sensitive health data through AI backends and automatically saves medical chat history without clear opt-in or retention limits.

Review before installing. Use only if you trust CareMax and the separate caremax-auth helper, understand where credentials and chat history are stored, and are comfortable with medical questions and record excerpts being processed by AI/vector backends. Prefer explicit user confirmation before authentication, record retrieval, or chat use, and delete saved chat history when it is no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 90%
Finding
The skill’s stated purpose is querying/searching medical records, but the documentation expands functionality into persistent AI chat and history management for highly sensitive medical data. This materially broadens data collection and retention beyond user expectations, increasing privacy and compliance risk because health conversations may be stored even when a user only intended a one-time record lookup.

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
Automatically saving all medical AI conversations is risky because these prompts and responses can contain protected health information, medication questions, genetic details, and other sensitive data unrelated to the minimum necessary purpose of record search. The storage is described as automatic and mandatory, with no visible consent, minimization, or retention controls, which can create significant privacy exposure if accessed, misused, or retained too long.

Vague Triggers

Medium
Confidence: 84%
Finding
The trigger terms are broad enough to match many common health-related requests, which may cause the skill to activate for sensitive topics such as medication or diagnoses without clear boundary conditions. In a medical-records skill, over-broad triggering increases the chance that sensitive user input is routed to backend search/RAG systems unexpectedly.

Missing User Warnings

High
Confidence: 96%
Finding
The documentation introduces AI chat that automatically saves all conversations, but the skill description and user-facing guidance do not prominently warn users before they submit sensitive medical questions. This undermines informed consent and can lead users to disclose PHI, genetic data, and medication details without understanding that the interaction will be retained.

Missing User Warnings

High
Confidence: 95%
Finding
The skill routes sensitive medical records and natural-language questions through semantic search and RAG/LLM backends, but it does not provide a prominent warning that highly sensitive health data may be transmitted to backend AI services. Because the examples include genetic and medication-related queries, this omission creates substantial privacy, confidentiality, and regulatory risk.

VirusTotal

65/65 vendors flagged this skill as clean.
