medical-doctor

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local healthcare matching skill that uses sensitive health details for its stated purpose, with mock booking outputs clearly labeled as simulated.

Before installing, be aware this handles sensitive medical and location information. Share only what is needed, do not treat recommendations as diagnosis or treatment, seek emergency care for urgent symptoms, and remember that generated registration or escort order numbers are mock results unless you separately connect a real booking service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 97%
Finding
This file provides symptom-to-department triage guidance in a medical context but does not clearly warn users that the content is not medical advice and does not consistently direct them to licensed clinicians or emergency services. In a doctor-matching skill, users may rely on these mappings for real-world care decisions, so missing safety disclaimers and escalation guidance increases the risk of delayed treatment, mis-triage, and harm in urgent conditions.

Missing User Warnings

Medium
Confidence: 94%
Finding
The workflow explicitly requires collection of highly sensitive health information together with location and care preferences, but provides no notice about consent, retention, sharing, or limits on use. In a medical matching context, this creates meaningful privacy and compliance risk because users may disclose protected health data without understanding how it will be handled, and downstream systems or operators could over-collect or misuse it.

Missing User Warnings

Medium
Confidence: 91%
Finding
The workflow instructs the agent to generate simulated registration and companion arrangements, including selecting slots and generating an order number, but does not require a prominent warning that these are mock actions and not real bookings. In a healthcare setting, users could reasonably mistake the simulation for an actual appointment or service arrangement, causing delayed care, missed treatment, or reliance on nonexistent support.

VirusTotal

65/65 vendors flagged this skill as clean.
