건강보험심사평가원 병원 검색 (HIRA hospital search: Health Insurance Review & Assessment Service)

Security checks across malware telemetry and agentic risk

Overview

This hospital lookup skill is coherent in most respects, but a crafted hospital-name search string can execute local Python code, because the name is spliced into Python source text rather than passed as data. It needs review before installation.

Do not install this version until hospital_search.sh passes the hospital name to Python as a command-line argument or an environment variable instead of embedding it in Python source. If you use a fixed version, store the data.go.kr key in a file readable only by its owner, and require a confirmed hospital before any detail lookup or optional web-search/notification enrichment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Missing Permission Declaration

Severity: Medium
Category: MCP Least Privilege
Confidence: 91%
Finding: The skill documents its use of shell scripts and outbound network access but declares no corresponding permissions or capability boundaries. This creates a trust and enforcement gap: the platform or reviewer may assume the skill is less powerful than it actually is, which increases the chance of unintended execution, data access, or connector misuse.

Vague Triggers

Severity: Medium
Confidence: 82%
Finding: The routing logic uses broad trigger words such as generic search/find/recommend language, which can match many unrelated user requests. In an agent environment this can cause overbroad activation of the skill, leading to unexpected network calls, cross-skill invocation, or disclosure of user intent to external services when the user did not clearly ask for a hospital lookup.

Vague Triggers

Severity: Medium
Confidence: 87%
Finding: The detail-lookup triggers are ambiguous because phrases like "tell me the hours" or "is parking available?" are not explicitly tied to a previously identified hospital. This can cause the skill to operate on the wrong entity, perform unintended lookups, or combine data from search-supplementation tools without adequate confirmation, which is risky in a medical-information context.

Session Persistence

Severity: Medium
Category: Rogue Agent
Content:
2. Log in → My Page → copy the **General authentication key (Decoding)**
3. Save the API key:
   ```bash
   mkdir -p ~/.config/data-go-kr
   echo "YOUR_API_KEY" > ~/.config/data-go-kr/api_key
   ```
4. Apply for use (활용신청) of the services below, then use them (approval is automatic)
Confidence: 89%
Finding: The setup instructions persist the data.go.kr API key in plaintext at ~/.config/data-go-kr/api_key, where it remains on disk across sessions. The `echo` redirection creates the file with whatever permissions the shell's umask grants, and no step restricts it to the owner.
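The installation step above writes the key with a plain `echo` redirection, which leaves the file with the shell's default umask permissions (commonly world-readable, 0644). As an added example, not the skill's own code: a Python key store that creates the directory 0700 and the file 0600, plus a loader that refuses a key file readable by other local users, which is the check a fixed hospital_search.sh would want before using the key. The path is passed in by the caller; the skill's documented location is ~/.config/data-go-kr/api_key, and the key value used below is a constructed placeholder.

```python
import os
import stat
import tempfile


def store_api_key(key: str, path: str) -> str:
    """Write the key so only the owner can read it: private directory,
    file created 0600, mode re-applied in case the file already existed."""
    d = os.path.dirname(path)
    os.makedirs(d, mode=0o700, exist_ok=True)
    os.chmod(d, 0o700)  # makedirs leaves an existing directory's mode alone
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as f:
        f.write(key.strip() + "\n")
    os.chmod(path, 0o600)  # the mode given to os.open applies only on creation
    return path


def key_file_is_private(path: str) -> bool:
    """True when neither group nor other has any permission bit on the file."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return (mode & 0o077) == 0


def load_api_key(path: str) -> str:
    """Refuse to use a key file another local user could read."""
    if not key_file_is_private(path):
        raise PermissionError(
            f"{path} is readable by group/other; fix with chmod 600")
    with open(path, encoding="utf-8") as f:
        return f.read().strip()


def demo() -> tuple:
    """Store a constructed key in a temp dir, show the loader accepting the
    0600 file, then reject the same file once it is 0644 (what a bare
    `echo >` under umask 022 produces)."""
    root = tempfile.mkdtemp()
    path = os.path.join(root, ".config", "data-go-kr", "api_key")
    store_api_key("YOUR_API_KEY", path)
    ok_private = key_file_is_private(path)
    loaded = load_api_key(path)
    os.chmod(path, 0o644)
    try:
        load_api_key(path)
        rejected = False
    except PermissionError:
        rejected = True
    return ok_private, loaded, rejected


if __name__ == "__main__":
    print(demo())
```

Checking the mode at load time, not only at install time, matters because the key file outlives the install step: a later copy, backup restore, or a different umask can loosen it without anyone noticing.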

VirusTotal

0 of 65 vendors flagged this skill; all 65 reported it clean.

View on VirusTotal