ClawHub

aky-tcm-prescription

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed TCM prescription reference, but it can produce individualized herbal formulas, diagnoses, and dosages without strong enough safeguards for lay users or vulnerable medical situations.

Install only if you intend to use it as an educational or clinician-reviewed TCM reference. Do not use it for self-diagnosis, self-prescribing, pregnancy, children, elderly or frail patients, severe symptoms, toxic herbs, or when prescription drugs or serious medical conditions are involved; those cases need qualified medical review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger scope is overly broad because it activates on generic TCM clinical guidance, prescription, and herb-substitution requests without sufficient gating for user role, emergency symptoms, or medical-safety triage. In a medical prescribing skill, broad activation increases the chance the agent provides individualized treatment or dosage guidance in situations that require licensed clinical judgment, making unsafe recommendations more likely despite the disclaimer.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This section gives condition-specific formula modification guidance that can be interpreted as treatment instructions without any explicit warning that the content is educational only or that individualized assessment by a licensed clinician is required. In a prescription assistant skill, users may act directly on these recommendations, increasing risk of inappropriate self-medication, herb interactions, toxicity, or delayed medical care.

Missing User Warnings

High
Confidence
97% confidence
Finding
The file provides pediatric and geriatric dose reduction rules for vulnerable populations but does not clearly warn that children and older adults have heightened risk from dosing errors, toxic herbs, organ impairment, and drug-herb interactions. Because the skill is specifically designed to support clinical guidance and prescribing, these simplified ratios may encourage unsafe use without proper supervision.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
This file provides detailed diagnostic interpretation for symptoms, tongue, pulse, and gynecological findings without any user-facing disclaimer, triage guidance, or instruction to seek licensed medical care. In a skill explicitly meant to support TCM clinical guidance and prescription assistance, users may reasonably treat this as actionable medical advice, increasing the risk of delayed diagnosis, inappropriate self-treatment, or missed emergencies.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
This file is a large, user-consumable medical formula database that includes prescription guidance, dosages, indications, modifications, and cautions for potent herbs and formulas, including toxic substances such as Fuzi, Xixin, Banxia, Dahuang, and ephedra-containing formulas. Although some item-level cautions are present, there is no prominent general safety disclaimer restricting use to licensed practitioners or instructing users to seek professional care, which increases the chance that an agent could surface this content as actionable treatment advice for self-medication.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This reference provides specific herb dosages, indications, and preparation notes in a skill explicitly intended to support TCM prescription and clinical guidance, but it lacks a prominent disclaimer that the material is educational and not a substitute for licensed medical care. Because the content includes substances with toxicity, pregnancy implications, and special preparation requirements, users or downstream agents could treat it as actionable prescribing guidance and cause poisoning, contraindicated use, or delayed proper treatment.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The entry for 朱砂 (Zhusha) notes toxicity, but the file does not provide broader handling restrictions, regulatory cautions, or explicit limits against self-medication despite listing a dose. In the context of a prescription assistant, this can normalize use of a toxic/mineral substance and lead users to infer that a listed dose is safe for unsupervised consumption.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
This file provides detailed syndrome differentiation and specific formula recommendations for medical conditions, including potentially serious presentations, without any safety disclaimer, triage guidance, or requirement to consult a qualified clinician. In a consumer-facing agent skill, users may treat this as actionable diagnosis and prescribing advice, leading to delayed professional care, inappropriate self-medication, herb-drug interactions, toxicity, or harm in pregnancy and other high-risk populations.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal