Bytesagain Medical Scribe

Security checks across malware telemetry and agentic risk

Overview

This is a local medical document drafting helper, but users must handle patient data carefully and review all outputs clinically.

Use only in an approved clinical environment. Avoid unnecessary real patient identifiers, remember that command-line arguments can appear in shell history or process listings, and have a licensed medical professional verify diagnoses, medications, doses, interactions, and all EHR content before use.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: This skill is designed to process highly sensitive health information and produce EHR-ready outputs, but the description and usage guidance do not include clear privacy, storage, transmission, or PHI-handling warnings. In a medical context, missing data-handling safeguards can lead users to paste identifiable patient data into insecure environments, creating compliance, confidentiality, and patient-safety risks.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal