Pharmaceuticals Exploration

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed PatSnap pharmaceutical research skill that uses external MCP services and an API key, with credential and privacy cautions but no evidence of hidden or malicious behavior.

Install this only if you intend to use PatSnap's external life-science services. Use a dedicated or least-privilege API key if available, be aware the key may appear in shell history or MCP configuration, and avoid submitting confidential research unless your organization permits PatSnap processing. Treat medical and drug-safety outputs as research support, not clinical advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 93%
Finding
The skill's activation criteria are broad enough that it may trigger for loosely related prompts or whenever other skills invoke it, causing unnecessary access to external pharma data services and potentially steering conversations into high-risk medical or drug-analysis workflows the user did not explicitly request. In a medical/pharmaceutical context, over-triggering is more dangerous than in a generic domain because it can produce authoritative-sounding drug information, create privacy/compliance concerns, and expand the attack surface for tool misuse or prompt chaining across skills.

VirusTotal

64/64 vendors flagged this skill as clean.
