Dental Ai Receptionist

Security checks across malware telemetry and agentic risk

Overview

This dental receptionist skill is coherent, but it needs review because it can change appointments, contact patients, and spread sensitive patient data without enough built-in safeguards.

Review carefully before installing in a real dental practice. Use only in a sandbox until webhook authentication/signature checks are added, credentials are least-privilege, patient SMS/voice consent and opt-out handling are enforced, PHI/PII storage and third-party sharing are minimized, vendor compliance is confirmed, and staff approval is added for cancellation, no-show, and waitlist actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (13)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This skill is explicitly designed for a healthcare setting and processes patient names, phone numbers, appointment data, recall status, and call summaries across multiple third-party services including Vapi, Twilio, Google Sheets, Google Calendar, OpenAI, HubSpot, and a PMS. The documentation presents this as production-ready but does not warn users about sensitive patient data handling, consent, retention, cross-border transfer, or HIPAA/privacy compliance risks, which can lead operators to deploy it in a non-compliant manner and expose protected health information.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The workflow exposes a publicly reachable POST webhook and immediately processes untrusted inbound data without any visible authentication, signature verification, source allowlisting, replay protection, or trigger constraints. In a dental receptionist context, this allows arbitrary parties to inject fake call events that can poison logs, trigger downstream workflows, and cause unauthorized processing of patient-related data.

Missing User Warnings

High
Confidence
95% confidence
Finding
The workflow writes caller and call metadata to Google Sheets, and the parsed object includes additional patient-related fields such as name, phone, email, appointment details, summaries, transcripts, and recording URLs. In a dental practice, this is highly sensitive healthcare-adjacent information; storing it in a spreadsheet without minimization or access controls increases the risk of unauthorized disclosure and privacy/regulatory violations.

Missing User Warnings

High
Confidence
96% confidence
Finding
The workflow forwards the full parsed call object to multiple downstream webhooks via HTTP, including raw payload content and extracted patient data. Because this is a medical-office receptionist flow, broad internal redistribution of call content materially increases exposure of sensitive personal and appointment information, and if the base URL is misconfigured or external, it could result in data exfiltration.

Missing User Warnings

High
Confidence
95% confidence
Finding
The workflow automatically sends SMS messages, initiates voice calls, updates appointment records to 'no_show', emails staff with patient details, and triggers waitlist actions without any visible consent, human review, or verification step. In a dental setting this handles regulated patient data and treatment-related scheduling information, so mistakes or abuse could cause privacy violations, unauthorized outreach, incorrect records, and downstream operational harm.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The workflow exposes a POST webhook that appears to accept arbitrary inbound data and immediately processes it into logs, SMS messages, and urgent staff alerts without any visible authentication, signature verification, source allowlisting, or shared-secret validation. An attacker could invoke this endpoint directly to generate fake after-hours patient records, spam patients or staff, and trigger urgent escalation paths containing PHI-like content, which is especially sensitive in a dental/healthcare context.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The workflow exposes a publicly reachable POST webhook at a generic FAQ path with no visible authentication, signature validation, source allowlisting, or shared-secret check. That allows unauthorized parties to invoke the flow, trigger OpenAI/Twilio/Sheets activity, and potentially spam patients, poison logs, or generate operational cost and downstream privacy issues.

Missing User Warnings

High
Confidence
93% confidence
Finding
This workflow sends patient question content, names, and phone numbers to multiple third parties and stores them in Google Sheets, but there is no visible consent gate, minimum-necessary filtering, or de-identification in the flow. In a dental context, free-text questions can contain sensitive health information, so broad external transmission and spreadsheet logging materially increase privacy, compliance, and data-governance risk.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The workflow exposes a POST webhook that accepts arbitrary inbound data and immediately triggers downstream actions including AI summarization, staff email, SMS alerts, and logging, with no visible authentication, signature verification, IP allowlisting, or schema validation. An attacker could spam the endpoint, inject misleading patient/escalation content, trigger unauthorized notifications, and poison operational records containing sensitive dental call information.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The workflow sends identifiable patient data and likely regulated health-related data (name, phone, email, insurance, service history, notes) to third-party systems including HubSpot and a PMS API, but the workflow contains no consent check, authorization gate, or minimization step before transmission. In a dental receptionist context this is more dangerous because the data is healthcare-adjacent and may be sensitive, so unauthorized syncing can create privacy, compliance, and data-governance violations.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
This workflow accepts unauthenticated inbound webhook data and uses the claimed sender phone number to update appointment and patient records, trigger cancellation flows, and forward message contents to internal webhooks. Without validating that requests genuinely originate from Twilio and correspond to an authorized patient/session, an attacker can spoof requests to confirm, cancel, or alter patient communication preferences and cause unauthorized disclosure or corruption of patient data.

External Transmission

Medium
Category
Data Exfiltration
Content
{
      "parameters": {
        "method": "POST",
        "url": "https://api.hubapi.com/crm/v3/objects/contacts",
        "sendHeaders": true,
        "headerParameters": {
          "parameters": [
Confidence
84% confidence
Finding
https://api.hubapi.com/

External Transmission

Medium
Category
Data Exfiltration
Content
{
      "parameters": {
        "method": "POST",
        "url": "https://api.hubapi.com/crm/v3/objects/contacts/batch/upsert",
        "sendHeaders": true,
        "headerParameters": {
          "parameters": [
Confidence
80% confidence
Finding
https://api.hubapi.com/

VirusTotal

66/66 vendors flagged this skill as clean.
