ClawHub

Pharmacoeconomic-evaluation

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed pharmacoeconomic analysis aid with local calculation scripts, but users should treat its China-specific defaults as jurisdiction-dependent decision support.

Install only if you need pharmacoeconomic modeling support. Use an isolated Python environment, pin dependencies for reproducibility, do not grant purchase, payment, wallet, or crypto capabilities, and confirm the target jurisdiction, payer perspective, thresholds, discount rates, and utility sources with qualified health economics experts before relying on results.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Natural-Language Policy Violations

Medium
Confidence
84% confidence
Finding
The skill imposes Chinese pharmacoeconomic standards and assumptions without clearly constraining the skill to China-specific use or asking the user for jurisdiction. In a policy, reimbursement, or HTA context, this can produce materially inappropriate recommendations, thresholds, utility inputs, and reporting choices for other regions, leading to flawed decisions rather than code execution compromise.

Natural-Language Policy Violations

Medium
Confidence
87% confidence
Finding
Mandating Chinese population utility values without user opt-in can bias QALY estimates and downstream cost-effectiveness conclusions when the analysis is meant for another country or payer. In pharmacoeconomic evaluation, locale-specific utilities materially affect ICERs and reimbursement recommendations, so the skill context makes this more dangerous than a generic documentation preference issue.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal