medical-triage-booking

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly coherent for medical triage and booking, but its route-planning flow can infer and share sensitive location data without clear user consent or provider disclosure.

Review before installing if you plan to use route planning. Prefer entering an approximate starting point manually, confirm which map provider will receive location data, and avoid IP-based location lookup unless you explicitly want it. Treat the medical output as triage assistance only, not a diagnosis.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (6)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 91%
Finding: The skill invokes local scripts, reads bundled files, and performs network-related actions, yet declares no permissions or capability constraints. This creates a transparency and policy-enforcement gap: operators and users cannot accurately assess what data the skill may access or transmit, which is especially concerning in a medical workflow handling sensitive health context.

Description-Behavior Mismatch

Medium
Confidence: 90%
Finding: The route-planning section says the skill uses Baidu-based components in one place but later instructs IP-based positioning and calls an AMap route capability instead. This inconsistency is dangerous because it obscures which third parties receive user data and undermines trust, reviewability, and compliance for a health-related skill that may process sensitive context.

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding: Inferring the user's location from IP goes beyond what is necessary for medical triage and booking assistance, because route planning can be done from a user-supplied starting point. Collecting approximate location without necessity increases exposure of sensitive contextual data such as where a patient is seeking care from, which can be privacy-revealing in a medical setting.

Missing User Warnings

Medium
Confidence: 97%
Finding: The skill directs the system to use IP-based location detection for routing without any user-facing notice, consent flow, or privacy explanation. In a healthcare context, silent collection of location-related data can reveal sensitive inferences about medical needs and clinic visits, making the privacy impact more serious than in a generic navigation skill.

Missing User Warnings

Medium
Confidence: 93%
Finding: The script sends precise origin and destination coordinates to Baidu's routing API, which is a third-party external service, without any mechanism in this code to ensure user notice, consent, minimization, or redaction. In a medical-triage and hospital-booking context, location data can be especially sensitive because it may reveal likely healthcare-seeking behavior and nearby home/work locations.

Ssd 3

Medium
Confidence: 95%
Finding: The natural-language instruction to derive location from the user's IP creates a data-collection pathway for sensitive personal information without clear necessity or safeguards. Because this skill handles symptom descriptions, history, and hospital selection, combining health context with inferred location meaningfully elevates re-identification and privacy risks.

VirusTotal

63/63 vendors flagged this skill as clean.
