Back to skill

Security audit

Clinical Doc Assistant

Security checks across malware telemetry and agentic risk

Overview

The skill is purpose-aligned for clinical documentation, but it handles patient data and includes a hosted backend scaffold that is not safe to deploy unchanged.

Use sandbox or synthetic data for testing. Do not deploy backend.py unchanged for real patient data; first require real account-bound API keys, restrict CORS, add rate limiting and audit controls, minimize or redact PHI before model calls, and confirm HIPAA-eligible hosting plus BAAs with every service that receives PHI.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

High
Confidence
95% confidence
Finding
The code comments assert that no PHI is stored after the LLM call, yet the service sends raw patient context to a third-party LLM and shows no de-identification, retention controls, BAA enforcement, or deletion workflow. In a healthcare context, this can result in unauthorized disclosure of sensitive patient data and create regulatory and contractual compliance risk.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README instructs operators to deploy a hosted backend and add an API key, but it does not clearly warn that hosted mode may cause clinical/FHIR data to leave the local environment and be processed by third-party services. In a healthcare documentation skill, this omission can lead users to send PHI to infrastructure or model providers without fully understanding the privacy, compliance, and data-handling implications.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The backend transmits patient context to Anthropic, but this file provides no explicit user-facing consent, warning, or policy gate before sending healthcare data off-platform. In a clinical documentation assistant, hidden third-party transmission of patient data materially increases privacy and compliance risk even if the transport is encrypted.

Ssd 3

Medium
Confidence
84% confidence
Finding
The prompt construction directly embeds user-supplied patient context and clinician notes into the LLM input and asks for a draft document based on that content, with no masking, field-level filtering, or safeguards against reproducing unnecessary sensitive data. In this medical setting, that can cause over-disclosure of PHI in generated outputs or downstream logs, especially if users provide more data than needed.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.