ai-medical-care-manager

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent for medical visit assistance, but its optional AMap routing can share sensitive location data with AMap.

Installing it is reasonable if you want a medical visit workflow assistant. Treat medical and appointment details as sensitive, configure a restricted AMap key only if you need routing, and prefer manually providing a rough starting point instead of allowing IP-based location.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (12)

Missing User Warnings

Medium (95% confidence)
Finding
The README states that route planning will first attempt coarse IP-based location detection, but it does not mention consent, disclosure, retention, or fallback behavior before collecting location-related data. In a medical-care workflow, even coarse location can reveal sensitive inferences about a user's health-seeking behavior or nearby treatment destination, so undocumented collection increases privacy and compliance risk.

Missing User Warnings

Medium (93% confidence)
Finding
The skill explicitly directs collection of highly sensitive health data such as symptoms, medical history, medications, pregnancy status, and city without an accompanying privacy notice, minimization guidance, or consent flow. In a healthcare setting, this increases the risk of unnecessary collection, improper retention, and accidental disclosure of special-category personal data.

Missing User Warnings

High (97% confidence)
Finding
The route-planning flow says to obtain the real user IP from the environment or user context and use it for geolocation before clear notice or opt-in. IP-derived location is personal data, and combining it with medical appointment details can reveal sensitive healthcare-seeking behavior and whereabouts, making this especially risky in a medical assistance skill.

Missing User Warnings

Medium (95% confidence)
Finding
The playbook explicitly instructs the skill to attempt real user IP-based coarse location before asking the user for their location, but it does not mention any user notice, consent, or opt-in. In a medical-care workflow, location data is especially sensitive because it can be linked to health-seeking behavior and nearby hospital visits, increasing privacy risk beyond a generic navigation use case.

Missing User Warnings

Medium (89% confidence)
Finding
The script transmits a user-provided address, city, and an API key to the external AMap geocoding service. In a medical-care workflow, address data can be sensitive personal information, and the code contains no consent check, minimization, masking, or user-facing notice before sending it off-platform, creating a real privacy and data-governance risk even though the transport uses HTTPS.

Missing User Warnings

Medium (90% confidence)
Finding
This script sends precise origin and destination coordinates to external route-planning functions and generates a third-party map link without any consent flow, minimization, or privacy notice in the code path. In a medical-care workflow, those coordinates can reveal highly sensitive inferences such as a patient's home location, clinic destination, treatment patterns, or appointment attendance, making the privacy impact materially higher than a generic navigation tool.

Missing User Warnings

Medium (90% confidence)
Finding
The code persists the Amap Web Service Key to a local JSON config file in plaintext without any warning, access control, or secret-management safeguards. Storing API credentials this way increases the risk of accidental disclosure through source control, backups, shared hosts, or local file compromise.

Missing User Warnings

Medium (88% confidence)
Finding
This function sends user search terms and regional/location context to an external Amap service without any explicit consent, disclosure, or data-minimization controls. In a medical-care workflow, even seemingly generic place searches can correlate with sensitive healthcare-seeking behavior, making third-party transmission more privacy-sensitive than usual.

Missing User Warnings

Medium (90% confidence)
Finding
Walking route planning transmits precise origin and destination coordinates to an external provider without any explicit privacy notice or consent flow. In this skill's medical context, those coordinates may reveal a user's home/work location and intended visit to a clinic or hospital, exposing highly sensitive health-related inferences.

Missing User Warnings

Medium (91% confidence)
Finding
Driving route planning sends exact trip endpoints and optional waypoints to Amap, which can reveal detailed movement patterns and potentially identify residences, hospitals, and other sensitive stops. In a healthcare skill, such route metadata can expose protected health-related intent and increase the privacy impact substantially.

Missing User Warnings

Medium (90% confidence)
Finding
Cycling route planning also shares precise origin and destination coordinates with an external API without disclosure or consent. Because the broader skill concerns medical appointments, the transmitted route can reveal sensitive health-related visits and personal location patterns.

Missing User Warnings

Medium (90% confidence)
Finding
Transit route planning sends origin, destination, and city information to an external provider without an explicit privacy warning. In a medical-care scenario this can disclose probable healthcare visits and location habits, creating sensitive inference risk even if no clinical data is sent directly.

VirusTotal

63/63 vendors flagged this skill as clean.
