Dont Deal Triage

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly a real local chest-pain triage helper, but it can run automatically, inspect host and Git activity, and store sensitive health-triage records locally without clear prior consent.

Review before installing. Use this only if you are comfortable with local Node scripts inspecting the nearest Git repository's commit timing, detecting host context, and saving health-triage history under ~/.dont-deal. It is not a substitute for emergency services or professional medical care, and users should avoid installing it on shared or managed machines unless local record retention is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (9)

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The skill is presented as a chest-pain triage helper, but the described behavior extends into persistent collection of sensitive health data, emergency contacts, host/environment inspection, and event logging. In a medical-context skill, this mismatch is dangerous because users may disclose highly sensitive information without understanding the extent of local collection, retention, and profiling.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The code fingerprints the execution environment by checking for API-key-related variables such as ANTHROPIC_API_KEY and OPENAI_API_KEY, even though the skill's stated purpose is medical/workload triage. Reading unrelated secret-bearing environment variables is unnecessary for core functionality and creates a privacy/security concern because it conditions behavior on the presence of sensitive credentials and expands the skill's access to secret-derived signals. In this context, the mismatch between medical triage functionality and host/tool identification makes the behavior more suspicious, not less.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
This utility exposes a generic subprocess wrapper that can execute any binary with arbitrary arguments supplied by callers. In a health-triage skill, that capability is broader than necessary and materially increases risk because other parts of the skill could use it to access host context, invoke git, or run unintended system commands against the user's machine.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The skill enables implicit invocation while describing broad, symptom-based activation conditions in natural language, which can cause the agent to trigger in ambiguous conversations without clear user intent. Because this skill performs health triage around potentially life-threatening symptoms like chest pain and shortness of breath, accidental activation or overreach could lead to unsafe medical-style guidance, missed escalation, or inappropriate use of local context such as host and git activity.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The code walks upward from the current directory to find a Git repository and analyzes recent commit timestamps to infer the user's sleep patterns, then returns the repository path and detailed activity windows. In a health-triage skill, this combines sensitive workplace telemetry with medical-style assessment without any visible consent, warning, minimization, or disclosure, creating a privacy-sensitive behavioral profiling issue.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script writes a health-related snapshot containing system, host, and inferred sleep/fatigue data to disk automatically, but this file shows no user notice, consent flow, or control over persistence. Because the skill is explicitly used for chest-pain/exhaustion-aware triage, the stored data is sensitive and could expose medical inferences, work patterns, and host context to other local users, backups, or later compromise.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The CLI collects highly sensitive health-triage information, inferred fatigue/work-pattern context, and host metadata, then writes it to local storage without obtaining informed consent beforehand. In this skill context, that data can reveal acute medical symptoms and device context, so silent persistence materially increases privacy harm if the workstation is shared, backed up, synced, or later accessed by other tools/users.

Missing User Warnings

Low
Confidence
88% confidence
Finding
Automatically persisting language preference without disclosure is a privacy/consent issue, though less severe than storing medical data. It still writes user-derived preference data to disk without notice, which may be undesirable on shared or managed systems.

Natural-Language Policy Violations

Medium
Confidence
97% confidence
Finding
The code hard-codes all user-facing triage reasons, questions, and recommendations in Chinese with no locale negotiation or fallback. In a chest-pain triage skill, this can cause users or operators who do not read Chinese to misunderstand or miss urgent emergency instructions, creating a direct safety risk through delayed care.

VirusTotal

VirusTotal findings are pending for this skill version.
