unisound-med-record-qc

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed medical-record quality-control helper, but it should only be used with approved and de-identified medical data.

Install only if you are authorized to use the configured medical LLM endpoint for the data involved. De-identify patient information before use, verify the endpoint and app-key handling, avoid shared terminals or CI logs for sensitive cases, and remember that --output stores the raw question, metadata, and model answer.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 86%
Finding: The skill exposes file read, file write, and network-capable behavior but does not declare permissions, which prevents users and reviewers from understanding its real trust boundary. In this medical-record context, the undocumented network transmission of potentially sensitive patient text materially increases risk because operators may assume the skill is only a local QC utility.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 94%
Finding: The documented purpose frames the skill as a medical QC/extraction tool, but the behavior described forwards arbitrary input over HTTP to an external LLM endpoint instead of performing clearly local, bounded processing. This mismatch is especially dangerous for medical records because users may provide PHI under the assumption of an internal or specialized workflow, resulting in unexpected external disclosure and weak data-governance control.

Missing User Warnings

Medium
Confidence: 95%
Finding: The code sends the full medical question content directly to an external HTTPS API, and the surrounding flow shows this content may come from files, stdin, or CLI input containing patient record text. In a medical-record QC skill, those prompts are likely to contain protected health information or other sensitive clinical data, so undisclosed transmission to a remote service creates a real confidentiality and compliance risk even if transport encryption is used.

Missing User Warnings

Medium
Confidence: 94%
Finding: The script writes the full question, metadata, and model answer to stdout and optionally to an output file, which in this skill likely includes raw medical-record content and possibly identifiers. Persisting that data on disk without warning, minimization, masking, or secure storage controls can expose sensitive patient information to other users, backups, logs, or downstream tooling.

VirusTotal

66/66 vendors flagged this skill as clean.