Back to skill

Security audit

unisound-health-risk-assessment

Security checks across malware telemetry and agentic risk

Overview

This health-risk skill does what it advertises, but it can send raw medical report content to an external LLM despite claiming it redacts identifiers first.

Review before installing. Use this only when you are authorized to send health exam data to the configured LLM endpoint, remove names and identifiers yourself before use, and avoid --output unless you intend to store a sensitive report locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill documentation describes concrete capabilities to read local files, write output files, and send sensitive medical report content to a remote API, yet no permissions are declared. This creates a transparency and governance gap: operators may run the skill without understanding that protected health information can leave the local environment and be written to disk, increasing privacy, compliance, and data leakage risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script sends raw medical exam report content to a remote LLM endpoint, which is highly sensitive health data, but it does not provide any explicit consent flow, warning, minimization, or privacy safeguard before transmission. In a health-risk assessment context, this is more dangerous because the input likely contains protected health information (PHI/PII), making unauthorized disclosure, retention, or third-party processing a significant confidentiality and compliance risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.