Back to skill

Security audit

Dental Clinic Assistant

Security checks across malware telemetry and agentic risk

Overview

This dental WhatsApp assistant is coherent, but it needs Review because it handles patient data, calendar changes, and emergency guidance without enough privacy, credential, region, or safety controls.

Review carefully before installing. Use only with clinic/legal approval, remove or clinician-review emergency advice, configure emergency numbers by clinic region, add explicit patient privacy and consent wording before intake, avoid unnecessary PII in calendar events and staff alerts, use a dedicated limited Google Calendar/service account, protect and rotate credential files, and require stronger verification before cancellations or rescheduling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The skill explicitly forbids diagnosis and medical advice, but the emergency triage section later gives treatment guidance such as recommending ibuprofen, pressure with gauze, storage media for an avulsed tooth, and cold compresses. In a healthcare-facing WhatsApp bot, this contradiction is dangerous because users may rely on the bot for individualized medical guidance during urgent situations, creating safety and liability risk.

Intent-Code Divergence

Medium
Confidence
84% confidence
Finding
The skill says not to store sensitive health data in chat, but later states that collected intake information is 'saved,' creating ambiguity about what data is persisted and where. In a patient communications context, unclear retention behavior can lead to overcollection or storage of personally identifiable and potentially health-related onboarding data without proper consent, controls, or minimization.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README explicitly describes collecting personal data such as name, phone, email, and insurance information through WhatsApp, but it does not pair that workflow with a clear user-facing privacy notice, consent language, retention policy, or limits on how the data is stored and used. In a healthcare-adjacent context, even non-diagnostic patient intake data is sensitive, and omission of privacy disclosures increases the risk of unauthorized collection, mishandling, and regulatory or trust failures.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The setup guide tells operators to create a Google service account, download credentials JSON, and grant calendar write access, but provides no warning about secure storage of the credential file, secret exposure risks, or least-privilege handling. If those credentials are mishandled, an attacker could modify appointments, disrupt clinic operations, or use the service account access as a foothold into connected scheduling workflows.

Natural-Language Policy Violations

Medium
Confidence
93% confidence
Finding
The emergency flow hard-codes 911 and 192/SAMU, but the skill is described as bilingual rather than region-locked, so users in other countries could receive incorrect emergency instructions. In an urgent medical scenario, wrong location-specific emergency numbers can delay access to care and materially increase harm.

Natural-Language Policy Violations

Medium
Confidence
96% confidence
Finding
The emergency response template hard-codes different emergency numbers by language rather than by the user's actual region, which can misdirect patients during urgent situations. In a healthcare-adjacent dental assistant, incorrect emergency routing is safety-critical because a user could receive the wrong number for their location and lose time in a real emergency.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.