China 05 Bone Age Analysis (RUS-CHN05)

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims, but it handles children’s medical images and personal data through a third-party service with limited consent, privacy, and history-access safeguards.

Install only if you trust the 慧龄云/pipitu.net service and have authority to submit the child’s X-ray and personal data. Use the lightweight path when possible, avoid real phone numbers or identifiers unless required, confirm guardian consent, keep credentials scoped to this service, and avoid using history lookup unless you are sure the service account only exposes the intended patient records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (15)

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The documented optional `appid` parameter enables WeChat mini-program notification delivery, which expands the skill from image analysis into outbound messaging. In a medical context involving children’s bone-age assessments, this creates unnecessary data-flow expansion and increases privacy/compliance risk if patient-linked results or identifiers are pushed to third-party messaging ecosystems without clear user consent and strict purpose limitation.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The historical report retrieval endpoint allows access to prior analyses beyond the stated one-shot bone-age assessment workflow, materially increasing the amount of sensitive medical data exposed through the integration. Because these reports may contain longitudinal health information, pagination access to history broadens privacy impact, enables overcollection, and raises the risk of unauthorized access to past pediatric records if account scope or authorization boundaries are weak.

Description-Behavior Mismatch

Medium
Confidence
84% confidence
Finding
The client exposes historical report retrieval functionality that is broader than the declared skill workflow of upload-and-analyze. Even if gated by login, this increases access to previously generated medical reports and creates a larger privacy and data-exposure surface than users may expect from the skill description.

Description-Behavior Mismatch

Medium
Confidence
72% confidence
Finding
The manual re-assessment path allows submission of human-edited staging data and re-computation outside the described workflow. In a medical-analysis skill, undocumented mutation of diagnostic inputs expands functionality in a way that can enable unauthorized or unreviewed alteration of results, reducing auditability and trust in outputs.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README demonstrates uploading pediatric wrist X-ray images and sending associated patient attributes such as sex, age, height, parental heights, and phone number, but provides no privacy, consent, retention, de-identification, or regulatory handling guidance. In a medical-imaging skill, this omission is security-relevant because integrators may process protected health information insecurely, exposing minors' sensitive medical data to unauthorized disclosure or noncompliant use.

Vague Triggers

Medium
Confidence
77% confidence
Finding
Broad triggers can cause the skill to activate on casual conversation and start soliciting or processing sensitive medical information unintentionally. In a healthcare-adjacent skill, accidental invocation is more dangerous because it can lead to unnecessary collection of X-rays, sex, age, and other personal health data.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The example trigger scenarios include vague everyday phrasing that overlaps with general health discussion. That ambiguity raises the chance the skill will engage in a medical-data workflow without sufficiently clear user intent, increasing privacy and consent risk.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill instructs collection of highly sensitive medical and personal data, including X-rays, phone number, body measurements, and parental height, but does not pair that with a clear privacy notice, purpose limitation, retention policy, or explicit consent for third-party transfer. This is particularly dangerous because the data concerns minors and medical imaging, which materially elevates privacy and compliance risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The document describes login, upload, and inference calls to an external host but does not clearly warn the user that their image and related data will be transmitted outside the local system. Hidden third-party network transfer is a real security and privacy issue, especially for medical images and child health data.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This code sends highly sensitive health and personal data to an external service, including X-ray images, age, sex, height, parental heights, phone number, and menstruation status, but provides no explicit consent flow, privacy notice, minimization, or destination validation in the sample itself. In a medical context involving minors, this increases privacy and compliance risk because integrators may copy the example directly without implementing informed disclosure or safeguards.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The code uploads a hand/wrist X-ray to a presigned URL on an external service without any user-facing disclosure, confirmation, or consent flow. Because the data is medical imaging of minors and therefore highly sensitive, silent transmission to a third party creates significant privacy, compliance, and data-governance risk even if the transfer is technically required for the feature.

Missing User Warnings

Medium
Confidence
80% confidence
Finding
The script sends credential-derived login material to a remote endpoint but does not clearly warn the user that supplied credentials will be used against a third-party service. Even though HTTPS is used and the password appears pre-hashed, this can still expose secrets to an external processor and mislead integrators about trust boundaries, especially in a sample script intended for reuse.

Ssd 3

Medium
Confidence
96% confidence
Finding
The workflow requests and may retain more sensitive data than is necessary for the lightweight bone-age path, including phone number and family measurements. Excessive collection broadens the blast radius of any leak, misuse, or misrouting, especially given the medical and minor-related nature of the data.

Ssd 3

Medium
Confidence
90% confidence
Finding
The reporting template instructs the agent to echo detailed personal and medical fields back into the conversation, increasing the chance of unnecessary exposure in chat history, logs, screenshots, or shared sessions. Re-displaying sensitive attributes is especially risky for pediatric medical data.

Ssd 3

High
Confidence
98% confidence
Finding
The history-report query capability can expose previously generated medical reports if access is tied only to the logged-in service account rather than the current end user. In this skill context, that is particularly dangerous because it could reveal other users' pediatric health information, prior images, and measurements through a generic assistant workflow.

VirusTotal

VirusTotal findings are pending for this skill version.
