Health Ai Applications

Security checks across malware telemetry and agentic risk

Overview

This skill is a health-industry automation playbook, but it asks agents to auto-install an orchestration dependency and handle business/customer data workflows without enough consent and privacy safeguards.

Install only if you are comfortable with a skill that may cause an agent to install Universal Task OS and orchestrate external business tools. Before using it with real health, customer-service, analytics, or operational data, require explicit approval for dependency installation, tool/API access, publishing, deployment, and any customer-record export; use sanitized data and define retention, consent, access control, and rollback rules.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Context-Inappropriate Capability

Medium severity, 95% confidence
Finding:
The skill explicitly instructs automatic installation and loading of another skill on activation, creating an undocumented trust expansion and dependency chain outside the stated role of a domain knowledge/reference skill. This is dangerous because a secondary skill can introduce code execution, prompt-scope expansion, data access, or policy bypass behavior without explicit user consent or review.

Description-Behavior Mismatch

Medium severity, 92% confidence
Finding:
The documentation presents the skill as a reference repository but also claims it can 'truly execute' tasks and install dependencies, which materially broadens its operational scope. This mismatch can mislead users and reviewers about the skill's capabilities, making it easier for hidden execution, delegation, or unsafe automation behavior to be introduced under the guise of documentation-only content.

Vague Triggers

Medium severity, 84% confidence
Finding:
The trigger phrases are extremely broad and map to many ordinary health, marketing, design, and automation requests, increasing the chance of over-activation. Overly broad activation can route unrelated user tasks into this skill's dependency-loading and orchestration logic, expanding exposure to unsafe behavior and reducing user control over which skill is engaged.

Missing User Warnings

High severity, 97% confidence
Finding:
The skill states that it will automatically install a dependency during activation without a user-facing warning or confirmation, which is a direct consent and supply-chain risk. In this context, the danger is elevated because the dependency is a powerful orchestration framework ('Universal Task OS') that could materially change behavior, permissions, and downstream actions for common health-related requests.

Missing User Warnings

Medium severity, 91% confidence
Finding:
The catalog explicitly describes collecting user behavior data, historical customer-service questions, and feedback loops, but provides no privacy, consent, retention, minimization, or access-control guidance. In a health-industry context, these workflows can easily involve sensitive personal or health-related data, so omission of data-handling safeguards increases the risk of noncompliant collection, overuse, and leakage.

Missing User Warnings

Medium severity, 91% confidence
Finding:
The skill explicitly describes automated export of historical customer service records and AI-based retrieval of customer service data, while only briefly stating 'protect user privacy' as a constraint and not defining concrete safeguards such as consent, minimization, masking, retention limits, or access controls. In a health-related domain, customer service records may contain sensitive health and personal data, so operationalizing this workflow without privacy controls can cause unauthorized disclosure, over-collection, or noncompliant downstream AI processing.

VirusTotal

VirusTotal findings are pending for this skill version.