
Security audit

血糖管理助手 (Blood Sugar Management Assistant)

Security checks across malware telemetry and agentic risk

Overview

This blood-sugar tracking skill is mostly coherent, but it handles sensitive health data and gives treatment-style diabetes advice without enough safeguards.

Install only if you are comfortable storing glucose records locally under the workbuddy directory and treating all predictions, insulin, medication, diet, and exercise guidance as informational. Do not use it to change insulin, medication dose, or emergency care decisions without a clinician.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (16)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill documentation describes reading and writing sensitive health data to local files, including imports and persistent storage in the user's home directory, but no explicit permissions are declared. This creates a real security and privacy governance gap: users and the platform may not have clear visibility or enforcement over filesystem access for medical data.

Tp4

High
Category
MCP Tool Poisoning
Confidence
82% confidence
Finding
The skill's declared purpose is narrower than the behavior described in the body, which also includes exporting data, generating reports, risk scoring, HbA1c estimation, and potentially medication or care-seeking guidance. For a health-related skill, undocumented medical-adjacent and data-handling capabilities increase user trust risk and can lead to unsafe reliance on functions the user did not knowingly authorize or expect.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The code goes beyond generic wellness guidance and provides medication-specific timing advice plus statements implying dose adjustment decisions when glucose is low or very high. In a diabetes-management skill, this is more dangerous because users may treat the output as individualized medical instruction, creating real risk of hypoglycemia, hyperglycemia, or delayed care despite the disclaimer.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The implementation embeds concrete therapeutic guidance for named diabetes drugs, which is not necessary for a blood-glucose logging/trend assistant and expands the skill into medical decision support. That scope expansion materially increases harm potential because incorrect timing or drug-specific advice can influence treatment behavior without clinician oversight.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger description is broad and includes common topics such as blood sugar, diet advice, and exercise advice, which can cause the skill to activate in contexts where the user did not intend to invoke a medical-data tool. Because this skill stores health information and may produce health recommendations, accidental invocation raises both privacy and safety concerns.

Missing User Warnings

High
Confidence
98% confidence
Finding
These sections provide actionable hypoglycemia and hyperglycemia treatment steps, including glucagon, IV glucose, ketone testing, exercise restrictions, and thresholds for seeking care, but they are presented as generic instructions without a clear warning that they are not individualized medical advice. In a consumer-facing blood glucose management skill, users may follow them directly in urgent situations despite differences in age, pregnancy, comorbidities, medications, and diabetes type, creating a real risk of harm.

Missing User Warnings

High
Confidence
99% confidence
Finding
This passage gives a carbohydrate-to-insulin dosing ratio that can be interpreted as direct self-dosing guidance, while also noting individual variation without requiring professional supervision. Even approximate insulin dosing advice is high risk in a general-purpose assistant because incorrect use can cause severe hypoglycemia, hyperglycemia, or delayed care.

Missing User Warnings

High
Confidence
99% confidence
Finding
The file recommends adjusting medication doses for dawn phenomenon, Somogyi effect, post-meal hyperglycemia, and fasting hyperglycemia, but does not explicitly warn against unsupervised medication changes. In the context of a glucose-management assistant, this is especially dangerous because users may treat these recommendations as personalized instructions and alter insulin or other diabetes medications incorrectly.

Natural-Language Policy Violations

Medium
Confidence
88% confidence
Finding
The knowledge base is entirely in Chinese and includes China-specific emergency guidance such as calling 120 (China's emergency medical number), without indicating that advice should be localized to the user's language and region. In a health-related skill, this can cause misunderstanding or delayed emergency response for users outside the intended locale, especially during hypoglycemia or ketoacidosis events.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The script automatically reads sensitive glucose history from a fixed file in the user's home directory without explicit runtime notice, consent, or clear indication that personal health data is being accessed. In a health context, silent access to longitudinal glucose records is privacy-sensitive and may surprise users or cause unauthorized disclosure if run in shared environments.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script generates glucose predictions, risk assessments, and meal-response estimates that could influence treatment or dietary decisions, yet most user-facing outputs lack an explicit warning that they are heuristic estimates and not medical advice. In a health context, omission of strong safety messaging and escalation guidance can lead users to over-trust the outputs and delay appropriate care, creating real-world safety harm.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script stores highly sensitive health data in a predictable local path under the user's home directory and allows exporting it without any privacy notice, consent flow, or protection controls. In a health-management context, this increases confidentiality risk if the workstation is shared, backed up insecurely, or the files are later exfiltrated by other malware or users.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This file generates blood glucose predictions, risk labels, and behavioral recommendations such as eating carbohydrates, exercising, or adjusting diet, but it does not consistently present a clear user-facing disclaimer that the outputs are simplified estimates and not medical advice. In a health-management skill, users may over-trust these recommendations and act on inaccurate predictions, creating real risk of hypo/hyperglycemia or delayed medical care.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill provides treatment-style medical instructions such as consuming specific amounts of carbohydrates and retesting glucose without a clear disclaimer, clinician review, or escalation boundaries. In a blood-glucose management context, users may rely on these outputs as medical advice, and incorrect or inapplicable instructions could contribute to hypoglycemia, hyperglycemia, delayed care, or other physical harm.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script persists blood glucose readings, which are sensitive health data, without any explicit notice, consent prompt, or indication of where and how the data will be stored. In a health-management skill, users may reasonably provide data assuming ephemeral processing, so silent persistence increases privacy and compliance risk if the host environment is shared, synced, or later compromised.
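The three storage findings above (silent reads of the history file, a predictable unprotected path, and silent persistence) share one fix: gate every read and write on an explicit, shown notice, create the directory and file owner-only, and refuse symlinked or group/world-readable paths. The following is an added illustration of that pattern, not the skill's code and not produced by SkillSpector; it assumes the skill is a Python script, uses an assumed file name (`glucose_records.json`), takes the data directory as a parameter instead of hard-coding a home-directory path, and works on constructed sample readings rather than real records.

```python
import json
import os
import stat
import tempfile
from pathlib import Path

DIR_MODE = 0o700      # owner-only data directory
FILE_MODE = 0o600     # owner-only records file
RECORDS_NAME = "glucose_records.json"   # assumed name; the skill's real file name is not on the page

# Constructed sample readings for the demo; not real patient data.
SAMPLE_READINGS = [
    {"time": "2024-05-01T07:30:00Z", "mmol_l": 5.4, "context": "fasting"},
    {"time": "2024-05-01T09:30:00Z", "mmol_l": 8.9, "context": "2h after breakfast"},
]


class ConsentRequired(Exception):
    """Raised when the caller has not acknowledged where health data will be stored."""


def storage_notice(store_dir: Path) -> str:
    """Plain-language notice that must be shown before any reading touches disk."""
    return (
        f"Glucose readings will be stored unencrypted in {store_dir / RECORDS_NAME} "
        "with owner-only permissions. They are not transmitted anywhere, but anyone "
        "with access to this account, its backups or its sync folders can read them."
    )


def file_mode(path: Path) -> int:
    """Permission bits of a path (e.g. 0o600), ignoring file-type bits."""
    return stat.S_IMODE(path.lstat().st_mode)


def audit_permissions(path: Path) -> list:
    """Problems with an existing data path; an empty list means it is acceptable."""
    if not path.exists() and not path.is_symlink():
        return []
    if path.is_symlink():
        # A symlink lets another local user redirect the records to a path they control.
        return [f"{path} is a symlink"]
    mode = file_mode(path)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        return [f"{path} is group/world accessible (mode {oct(mode)})"]
    return []


def save_readings(store_dir: Path, readings: list, consent_given: bool) -> Path:
    """Persist readings only after explicit consent, with owner-only permissions."""
    if not consent_given:
        raise ConsentRequired(storage_notice(store_dir))
    if store_dir.is_symlink():
        raise PermissionError(f"refusing to use symlinked data directory {store_dir}")
    store_dir.mkdir(mode=DIR_MODE, parents=True, exist_ok=True)
    os.chmod(store_dir, DIR_MODE)   # mkdir's mode is masked by umask; enforce it
    target = store_dir / RECORDS_NAME
    if target.is_symlink():
        raise PermissionError(f"refusing to write through symlink {target}")
    # mkstemp creates the file 0600 regardless of umask; the atomic rename means a
    # crash never leaves a half-written or more permissive records file behind.
    fd, tmp_name = tempfile.mkstemp(dir=str(store_dir), prefix=".records-", suffix=".tmp")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(readings, fh, ensure_ascii=False, indent=2)
        os.chmod(tmp_name, FILE_MODE)
        os.replace(tmp_name, target)
    except BaseException:
        if os.path.exists(tmp_name):
            os.unlink(tmp_name)
        raise
    return target


def load_readings(store_dir: Path, consent_given: bool) -> list:
    """Read readings back, but only with consent and only from a safely permissioned file."""
    if not consent_given:
        raise ConsentRequired(storage_notice(store_dir))
    target = store_dir / RECORDS_NAME
    problems = audit_permissions(target)
    if problems:
        raise PermissionError("; ".join(problems))
    if not target.exists():
        return []
    with target.open(encoding="utf-8") as fh:
        return json.load(fh)


def fresh_store_dir() -> Path:
    """A throwaway directory standing in for the skill's real data directory."""
    return Path(tempfile.mkdtemp(prefix="glucose-demo-")) / "store"


if __name__ == "__main__":
    base = fresh_store_dir()
    written = save_readings(base, SAMPLE_READINGS, consent_given=True)
    print("stored", written, "mode", oct(file_mode(written)))
    print("audit:", audit_permissions(written) or "ok")
    print(load_readings(base, consent_given=True))
```

The consent flag stands in for whatever the host platform offers (a confirmation prompt, a first-run acknowledgement, or a declared permission the user approved at install time); the point is that the notice text is the same one the user saw, and that a records file left group- or world-readable by a backup or sync tool is refused rather than silently read.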

Vague Triggers

Medium
Confidence
90% confidence
Finding
The description activates on a wide set of common health-related phrases such as blood sugar, diet advice, and exercise advice, without clear scoping or user confirmation. In a health/medical context, overbroad triggering can cause the skill to intercept conversations it was not explicitly requested for, leading to unsolicited medical-style guidance or collection/processing of sensitive health information.

VirusTotal

0/64 vendors flagged this skill as malicious.

Static analysis

No suspicious patterns detected.