ai-medical-care-manager-skill-amap-reminder-poster

Security checks across malware telemetry and agentic risk

Overview

This medical-care skill is mostly coherent, but it needs review because it handles sensitive health and location data with weak consent controls and can produce unreliable doctor recommendations from a polluted dataset.

Review before installing. Use it only as a care-coordination aid, verify hospital and doctor recommendations manually, avoid IP-based location unless you are comfortable sharing location and hospital-route data with AMap, approve reminder/calendar entries before creation, and do not pass private medical details into the optional social-post workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (14)

Context-Inappropriate Capability (Medium, 90% confidence)

The playbook instructs the medical-care skill to upsell an unrelated social-media copywriting skill after completing a healthcare task. In a medical context, this expands scope beyond the declared purpose and can drive unnecessary cross-skill data flow involving sensitive health experiences, increasing privacy and trust risks.

Context-Inappropriate Capability (Medium, 90% confidence)

Reintroducing social-media experience-copy generation in the post-visit phase again extends a healthcare support skill into non-essential content generation. Because post-visit inputs may include diagnoses, prescriptions, and reports, this creates a stronger risk of inappropriate reuse or disclosure of highly sensitive medical information.

Context-Inappropriate Capability (Medium, 94% confidence)

Making social-post drafting a standard closing action normalizes secondary use of a user's medical journey for non-medical output. In this context, the behavior is more dangerous because it systematically encourages transfer of sensitive healthcare context into another skill even when not necessary for care management.

Context-Inappropriate Capability (Medium, 89% confidence)

The template explicitly encourages handing the user off to an unrelated social-media copywriting skill (`qiaomu-mondo-poster-design`) after a medical-care workflow. In a healthcare context, this creates scope creep and increases the chance that sensitive medical visit details are repurposed for non-essential content generation, which can lead to privacy overexposure or inappropriate cross-skill data sharing.

Context-Inappropriate Capability (Medium, 91% confidence)

The enhanced post-visit template repeats the same unrelated recommendation to generate Xiaohongshu/WeChat-style shareable content from a user's medical experience. Because this appears in a post-care template, it normalizes converting health-related interactions into public-facing content, which is risky in a domain handling sensitive personal and medical information.

Missing User Warnings (Medium, 96% confidence)

The README states that the skill will first attempt coarse IP-based location for route planning, but provides no user-facing notice, consent flow, or data-handling explanation. In a medical context, location tied to hospital visits can reveal sensitive health-related inferences, making silent collection more privacy-sensitive than in a generic navigation skill.

Vague Triggers (Medium, 72% confidence)

The invocation condition is broad for a safety-sensitive medical workflow, which can cause the skill to activate in situations where specialized handling, stricter consent, or jurisdiction-specific logic is needed. In medical contexts, overbroad triggering increases the risk of inappropriate triage guidance, premature recommendations, or collection of sensitive health details without clear necessity.

Natural-Language Policy Violations (Medium, 83% confidence)

The skill is tightly tailored to Chinese-language and China-specific healthcare flows without requiring user locale or language confirmation. In a medical setting, assuming language and region can lead to unsafe or unusable instructions, misunderstanding of care guidance, and misdirection to the wrong booking or emergency channels.

Natural-Language Policy Violations (Medium, 90% confidence)

The instructions hard-code Beijing defaults and Chinese booking channels without documenting when those assumptions are valid. In a healthcare workflow, region-specific defaults can misroute users to irrelevant or inaccessible services, delaying care and creating safety issues if urgent symptoms are involved.

Missing User Warnings (Medium, 97% confidence)

The playbook processes appointment screenshots/OCR text and may attempt coarse geolocation via the user's real IP, but it does not require upfront notice, consent, or data-handling disclosure. In a medical workflow, appointment details and location data are sensitive; combining them can expose healthcare provider, specialty, timing, and probable condition information, creating meaningful privacy harm.

Missing User Warnings (Medium, 91% confidence)

The script sends a user IP address to AMap's external geolocation API, which is personal data and can reveal approximate location. Although the code contains a cautionary message when no IP is provided, there is no consent check, minimization step, or user-facing disclosure at the point where the transfer occurs, making this a real privacy/security issue in a medical-care workflow where location data may be especially sensitive.

Missing User Warnings (Medium, 95% confidence)

The script sends precise origin and destination coordinates to Amap route-planning APIs and generates an external map link, but the file contains no mechanism to surface a privacy warning, obtain consent, or minimize location data exposure. In a medical-care workflow, location data can indirectly reveal sensitive health information such as likely hospital visits, which raises the privacy risk beyond ordinary navigation use.

Missing User Warnings (Medium, 84% confidence)

The function sends user-supplied search terms and geographic context to Amap, a third party, without any visible notice, consent flow, or minimization controls. In a medical-care skill, POI queries can reveal sensitive health-related intent such as hospital, department, or clinic searches, making undisclosed sharing more privacy-sensitive than in a generic maps tool.

Missing User Warnings (Medium, 90% confidence)

The route-planning functions transmit precise origin and destination coordinates to Amap without any explicit disclosure or consent mechanism. In this skill's medical context, those coordinates may directly expose a user's home/work location and visits to hospitals or clinics, creating a meaningful privacy risk around sensitive health-related movement data.

VirusTotal

64/64 vendors flagged this skill as clean.