Security audit

Pharma Skill System

Security checks across malware telemetry and agentic risk

Overview

This is a broad markdown-only pharmaceutical workflow guide; it touches sensitive regulated work, but the behavior is disclosed, purpose-aligned, and has no hidden code or install-time execution.

Install only if you need a broad pharma workflow reference skill. Use it in an approved environment, and do not paste patient-identifiable data, adverse-event reports, HCP contact details, employee performance data, CRM exports, confidential regulatory materials, contracts, or budgets unless your organization permits that AI use. Treat generated medical, PV, regulatory, compliance, HR, financial, and external-publication outputs as drafts requiring qualified human review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (13)

Intent-Code Divergence
Severity: Medium | Confidence: 95%
Finding: The pipeline section repeatedly maps unit IDs to labels that do not match the canonical unit index, so an agent following this file could invoke the wrong capability for regulated pharma workflows. In this context, documentation drift is security-relevant because it can misroute compliance, PV, regulatory, budgeting, or external-communication tasks, causing unsafe automation and bypass of intended controls.

Vague Triggers
Severity: Medium | Confidence: 92%
Finding: The trigger list is extremely broad and includes many common pharma and healthcare business terms, so the skill may activate in routine conversations that are only loosely related to its intended workflows. In a high-stakes domain like pharmaceuticals, ambiguous activation can cause the agent to load complex operational guidance unnecessarily, increasing the chance of inappropriate automation, over-collection of sensitive context, or users receiving domain-specific outputs when they did not explicitly request them.

Missing User Warnings
Severity: Medium | Confidence: 89%
Finding: The skill explicitly describes 24x7 monitoring and automated collection of internal and external information sources, including social media, with structuring and analysis of the collected data. In a pharma context, this can easily involve personal data, sensitive business information, or regulated medical content, yet the skill text provides no privacy notice, lawful-basis constraints, access controls, retention limits, or compliance guardrails.

Missing User Warnings
Severity: Medium | Confidence: 94%
Finding: The social media monitoring function includes automated capture of mentions, sentiment, hot topics, and KOL statements, which may involve personal data, profiling, and platform-restricted collection practices. Because no warning or constraint is given about privacy, consent, terms-of-service compliance, or special handling for medical safety signals, users could deploy it in a noncompliant way.

Missing User Warnings
Severity: Medium | Confidence: 88%
Finding: The file describes automated generation of first drafts of many content types (DA, PPT, WeChat official-account articles, and more) and automatic routing into review, but it does not clearly warn users that the skill may create or modify local files and drafts. In an agent setting, missing disclosure can lead to unintended file creation, overwrites, or propagation of unreviewed regulated medical content, especially in a pharma workflow where documents may be sensitive or compliance-relevant.

Missing User Warnings
Severity: Medium | Confidence: 94%
Finding: C2-05 states '⬛ 全自动 — AI完成排版和美化,无需人工干预' ("fully automatic: AI completes layout and beautification with no human intervention") for PPT beautification, but it does not warn that presentation files may be modified without review. Unattended modification of slide decks can overwrite source material, introduce inaccurate or noncompliant claims, or alter evidence presentation in regulated pharma communications before a human catches the changes.

Missing User Warnings
Severity: Medium | Confidence: 91%
Finding: These sections explicitly support attendee sign-in/interaction collection and photo/video/file archiving, which likely involve personal data such as names, contact details, participation records, and identifiable images. In a pharmaceutical event context, this is more sensitive because attendees may include healthcare professionals and event records may be subject to privacy, consent, retention, and cross-functional compliance requirements; omitting privacy guidance increases the risk of unlawful collection, over-retention, or inappropriate sharing.

Missing User Warnings
Severity: Medium | Confidence: 92%
Finding: The skill explicitly proposes building a unified 360-degree customer/KOL view, supporting scientific visits, relationship maintenance, and churn-risk warning based on interaction data, but provides no privacy, consent, retention, access-control, or lawful-basis guardrails. In a pharmaceutical context, these profiles can contain identifiable professional and behavioral data about HCPs/KOLs, making ungoverned collection and profiling a genuine privacy and compliance risk rather than a harmless omission.

Missing User Warnings
Severity: Medium | Confidence: 95%
Finding: The skill directs collection of customer name, hospital, department, title, academic interests, and optional contact details, then standardizes them into a CRM-ingestable profile without any notice about handling PII or professional personal data. Even if these are business contacts, aggregating and tagging them creates a structured personal dataset that can be misused, over-retained, or processed unlawfully.

Missing User Warnings
Severity: Medium | Confidence: 89%
Finding: The skill describes fully automatic deduplication, completion, and updating of customer information in the database, yet gives no warning that records may be merged or modified automatically. In a KOL/customer system, incorrect deduplication or enrichment can corrupt relationship histories, misattribute interactions, and propagate inaccurate personal data across downstream systems.

Missing User Warnings
Severity: Medium | Confidence: 94%
Finding: The skill allows visit records to use recordings and notes as input to generate structured insights, but does not mention consent for recording, confidentiality obligations, or handling of sensitive discussion content. In pharma scientific engagement, these materials may include identifiable statements, unpublished research views, or commercially sensitive information, so ingesting them without safeguards materially increases privacy and confidentiality risk.

Missing User Warnings
Severity: Medium | Confidence: 88%
Finding: The workflow explicitly allows processing meeting records/audio into automated minutes but does not mention participant consent, lawful basis, retention limits, or handling of sensitive content. In a pharmaceutical setting, recordings may include employee data, commercial strategy, medical information, or compliance-sensitive discussions, so silent automation increases privacy and confidentiality risk.

Missing User Warnings
Severity: Medium | Confidence: 93%
Finding: The CRM data maintenance workflow involves customer data entry and validation but omits safeguards around personal data minimization, authorization, and risks from automated or semi-automated writes into business systems. In pharma, CRM records may contain HCP/customer personal data and interaction history, so weak controls can lead to privacy violations, unauthorized updates, or propagation of incorrect data across downstream systems.

VirusTotal

63/63 vendors flagged this skill as clean.