ClawHub

build-healthcare-faq-page

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only healthcare FAQ drafting skill with no code, persistence, credentials, or hidden access, though users should review healthcare content carefully before publication.

Use this only for general healthcare FAQ drafts. Do not include PHI or patient-specific details in prompts, verify any web_search-derived claims against trusted sources, and require clinical or compliance review before publishing patient-facing or regulated medical content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The suggested prompt, "[Build Healthcare FAQ Page] for my team," is so broad that it can trigger the skill for essentially any healthcare-related content request without requiring scope checks, safety boundaries, or confirmation that the task is non-clinical. In a healthcare context, that ambiguity is more dangerous than usual because users may apply the skill to patient-facing or regulated medical content where inaccurate or non-compliant output can cause real-world harm.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The skill description and 'Use When' guidance describe a broad healthcare content function without clearly limiting the skill to safe content categories or stating when it must not be used. Because the skill is intended for customer-facing healthcare answers, unclear activation conditions can lead agents to use it for sensitive medical communications, increasing the risk of unsafe advice, misinformation, privacy issues, or regulatory violations.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal