ClawHub

Precision Oncology Zhcn

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed oncology research skill that uses PatSnap MCP data access, with some scope and medical-safety caveats but no evidence of hidden, destructive, or deceptive behavior.

Install only if you intend to use PatSnap's MCP service for oncology or pharma research and are comfortable providing an API key to that service. Keep use limited to research, competitive intelligence, and evidence synthesis; verify medical or drug-development conclusions with qualified experts and source documents.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill is declared for oncology use, but the embedded example scenarios broaden operation to unrelated domains like diabetes and myopia. This can cause the agent to apply specialized biomedical/commercial workflows outside the intended scope, leading to mis-triggering, inappropriate tool use, and unreliable or unsafe medical output in unsupported contexts.

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
The document frames the skill's core goal as deciding whether and how to develop a cancer drug, which expands it from informational oncology reporting into strategic commercial and R&D decision support. In a high-stakes medical/pharma environment, this broader mandate can drive overconfident recommendations beyond the declared reporting function and increase risk of harmful or non-compliant guidance.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger conditions are broad enough to match many ordinary conversations mentioning cancer, tumors, mechanisms, or treatment. Overbroad auto-loading can invoke this skill in contexts where it is unnecessary or inappropriate, increasing the chance of unintended tool calls, medical overreach, and user confusion.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal