ClawHub

unisound-med-rx-safety-ethics

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed command-line medical Q&A helper that sends user-provided questions to a configurable medical model API, so privacy care is needed but the behavior matches its purpose.

Install only if you are comfortable sending the provided medical question text to the configured model API. Do not include identifiable patient information unless your organization permits that use, and use dry-run or de-identified sample inputs for testing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill documentation describes capabilities to read local files/stdin, write output files, and call a remote medical-model API, but it does not declare corresponding permissions. That mismatch can bypass operator expectations and informed consent, especially because the skill may process sensitive medical questions and potentially patient-related data before transmitting them off-host.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill transmits raw question content to an external remote API, and surrounding code also preserves and returns record metadata that may contain identifiers or sensitive medical context. In a prescription-review and medical safety skill, prompts can easily include protected health information, so sending them off-box without explicit disclosure, consent handling, minimization, or redaction creates a real confidentiality and compliance risk.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal