ClawHub

Tcm System Medicine

Security checks across malware telemetry and agentic risk

Overview

This is a text-only TCM reference skill with no hidden code access, but it should be reviewed because it can guide symptom questioning and treatment-style conclusions without strong medical safety boundaries.

Install only as an educational TCM/system-medicine discussion aid. Do not use it for diagnosis, prescriptions, dosing, urgent symptoms, serious disease decisions, or as a replacement for licensed medical care; users should explicitly request TCM analysis and seek qualified clinical help for persistent, worsening, or concerning symptoms.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
96% confidence
Finding
The trigger list is very broad and includes common health and TCM terms such as '中医', '辨证', '气血', and '阴阳', making accidental invocation likely during ordinary wellness or medical conversations. In a medical-adjacent skill that can steer questioning and suggest treatment logic, overbroad activation increases the chance users receive domain-specific guidance without explicitly opting into it.

Missing User Warnings

High
Confidence
99% confidence
Finding
This skill provides structured symptom questioning, syndrome differentiation, and treatment-oriented output, including '治法建议' and disease interpretations, but does not present a prominent up-front warning that it is not medical advice or a substitute for professional care. That omission is dangerous because users may rely on the workflow as clinical guidance, delaying proper diagnosis or treatment, especially for serious conditions despite a limited red-flag mention.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger list includes many broad, high-frequency medical and everyday terms such as '中医', '辨证', '气血', '阴阳', and '方剂', which can cause the skill to activate in contexts far beyond the author's intended scope. Over-triggering is risky here because the skill provides quasi-diagnostic questioning and treatment-oriented framing, so accidental invocation could steer unrelated or low-context conversations into health guidance.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal