Security audit

广东省病案统计管理系统SQL查询大师

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only SQL helper for a hospital medical-record system, but users must handle patient data carefully.

Install only if you are authorized to work with this medical-record database. Review generated SQL before running it, prefer aggregate or de-identified outputs, avoid unnecessary patient identifiers, and use least-privilege database accounts with auditing when querying real clinical data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill includes ready-to-run SQL that retrieves direct patient identifiers and sensitive medical information such as medical record number, name, diagnoses, operations, transfer history, and borrowing records, but provides no privacy, authorization, or minimum-necessary-use guidance. In a healthcare context this materially lowers the barrier to inappropriate PHI access and can enable insider misuse or overbroad data extraction.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill enumerates system user, group, menu, and permission tables without any warning that these structures contain account and authorization data. Even without exploit code, exposing this schema knowledge helps an operator or attacker target identity, privilege, and access-control data for enumeration or misuse.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal