Back to skill

Security audit

Xiwang Medical Research

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local search-and-script helper for a named medical research document folder, with no evidence of exfiltration, persistence, destructive behavior, or hidden execution.

Install only if you intend to search the named 烯旺 medical research corpus. Do not point the script at broad personal, corporate, or patient-data folders. Treat generated health or product-promotion copy as research/marketing draft material that needs clinical and legal review before publication.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill instructs the agent to read from a specific local filesystem path and invoke a search script over document contents, but it declares no permissions. This creates an undeclared file-read capability that can expose sensitive local documents or enable broader-than-expected data access if the directory argument is altered or the skill is reused in another context.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The skill description claims a narrowly scoped search over a fixed corpus and automatic script generation, but the documented behavior allows scanning arbitrary caller-supplied directories and includes extra enumeration commands. This mismatch is dangerous because users and policy systems may trust the declared purpose while the actual capability can be used for broader local file discovery and content extraction than expected.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The file indexes a large set of medical-treatment and disease-related materials and is explicitly designed to support generation of medical/scientific search results and promotional video scripts, but it provides no safety disclaimer, non-medical-advice notice, or requirement for clinical review. In this context, users may treat retrieved claims about cancer, cardiovascular prevention, insomnia, gynecology, and other conditions as validated treatment guidance, increasing the risk of unsafe self-treatment, misleading health marketing, or regulatory noncompliance.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script accepts a user-supplied directory path, recursively scans all .docx/.pdf files, and returns matched paragraphs plus surrounding context. That behavior can expose sensitive document contents and file metadata from any accessible path if the caller points it at unintended directories, and there is no path restriction, consent prompt, or output minimization. In a medical-research retrieval skill, the risk is elevated because documents may contain confidential research, health-related information, or internal corporate materials.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.