lab-unit-harmonization

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only clinical lab harmonization skill with no hidden access or execution, but users should review its missing-data guidance before applying it to real clinical datasets.

Before installing, understand that this skill is data-processing guidance, not validated clinical software. For real patient or research data, have a clinical data or biostatistics reviewer approve the missing-data policy, unit conversion rules, out-of-range handling, and any generated code, especially before dropping incomplete records.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill instructs users to drop every row containing any missing lab value before harmonization, which can silently discard a large fraction of real-world clinical data and introduce severe selection bias. In healthcare analytics, this can distort cohorts, skew model training and evaluation, and remove clinically important partial records without user awareness, creating downstream patient-safety and research-integrity risks.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal