unisound-sm-doc

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed medical-text processing wrapper around a remote model API, with sensitive-data risks but no hidden, destructive, or deceptive behavior found.

Install only if you trust the publisher and the hivoice.cn medical model endpoint. Use a scoped app key, keep --api-url set to an approved destination, and de-identify or otherwise authorize any medical records before processing; avoid using broad input paths or writing outputs where sensitive content may be exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 84%
Finding: The skill advertises no declared permissions, yet its documented behavior includes reading arbitrary files/stdin, writing output files, and sending content to a remote API. This creates a transparency and governance gap: operators may approve or run the skill without realizing it can access local data and exfiltrate medical text over the network.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 93%
Finding: The documented purpose suggests a constrained medical entity-extraction skill, but the behavior described is a generic wrapper that forwards arbitrary question text/files to a remote chat-completions API and returns free-form output. This mismatch is dangerous because users may trust it with sensitive medical records under the assumption of local, structured processing, when in reality broad data handling and external transmission occur.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The documentation states that medical question content is sent to an external model API, but the warning is not prominent enough given the sensitivity of patient data. In this context, weak disclosure materially increases the risk of accidental transmission of PHI/PII to a third party, which can cause privacy breaches and compliance violations.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding: The script transmits user-supplied medical question content to a remote API endpoint without any consent prompt, warning, masking, or policy enforcement. In this skill context, inputs may contain patient history, symptoms, identifiers, or other sensitive health information, so silent exfiltration to a third-party service creates a meaningful privacy and compliance risk.

VirusTotal

VirusTotal findings are pending for this skill version.