ClawHub

Chinese Medicine 10edition

Security checks across malware telemetry and agentic risk

Overview

This is a text-only Traditional Chinese Medicine reference with no code-like malware behavior, but it needs Review because many files give actionable medical treatment or procedure guidance without consistent point-of-use safety limits.

Install only if you want a TCM educational/reference library and can enforce separate medical-safety policy. Do not use it for self-diagnosis, self-medication, emergency triage, acupuncture, manipulation, surgery-like procedures, pregnancy/bleeding/respiratory complaints, or drug/lab work without qualified professional oversight.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (87)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README includes point-of-use examples for syndrome differentiation, formula recommendation, and acupuncture point selection that read like actionable medical guidance, but the examples themselves do not repeat strong supervision and non-self-treatment warnings. In a medical skill, this increases the chance that users will rely on model output for diagnosis, prescribing, or invasive procedures without qualified clinician review, creating meaningful safety risk.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill advises '切开引流' for a perianal abscess without clearly instructing the user to seek urgent evaluation and treatment by a qualified clinician. Because incision and drainage is an invasive procedure with risks including bleeding, worsening infection, fistula formation, and delayed treatment of deeper anorectal infection, presenting this as a skill step can enable unsafe self-treatment or unqualified care.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill provides operational guidance for drug discovery, solvent-based extraction, and animal efficacy testing without any safety, legal, biosafety, ethics, or expert-supervision warnings. Even though it is framed at a high level, it could encourage unqualified users to attempt hazardous wet-lab or animal work, especially the use of volatile solvents and infection-related experiments, creating real safety and compliance risks.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill gives condition-specific treatment principles and recommends therapeutic direction and formulas without a prominent user-facing warning that this is not a substitute for professional diagnosis or that self-treatment may be unsafe. Because it targets eye symptoms and differential diagnosis, users could misclassify serious ocular disease or delay timely care, leading to preventable vision harm.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill provides step-by-step instructions for spinal and joint manipulation, including cervical rotation to the maximum limit and forceful adjustment techniques, but does not explicitly require qualified professional supervision or warn against self-administration. In this context, omission of a strong safety boundary is dangerous because an untrained user could attempt high-risk manipulations and cause serious musculoskeletal or neurovascular injury.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill provides stepwise treatment guidance for acute heavy uterine bleeding ('暴崩', immediate hemostatic actions, medication/formula selection) but does not clearly instruct users to seek urgent in-person medical care or state that the skill is not a substitute for emergency evaluation. In this context, omission of escalation guidance is dangerous because users may delay emergency treatment for severe blood loss, shock, pregnancy-related emergencies, coagulopathy, or underlying pathology despite the text mentioning acute bleeding management.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill gives diagnosis-like triage logic plus specific treatment recommendations and herbal formulas, but only includes a scope note about TCM applicability rather than a clear user-facing medical disclaimer. Users may rely on the output as actionable care guidance and delay appropriate clinical evaluation, especially because allergic or nasal symptoms can overlap with conditions needing different assessment or contraindicated herbal use.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger condition is broad enough to activate on common musculoskeletal complaints without requiring sufficient exclusion criteria or structured intake. In a medical-adjacent skill that proceeds to syndrome classification and treatment suggestions, this can cause inappropriate use of the workflow for conditions that need different triage, including non-TCM pain etiologies or urgent inflammatory/infectious causes.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill recommends herbal formulas and external therapies but provides no safety warning, contraindication screening, dosing boundary, or instruction to seek qualified clinical supervision. In health contexts, this omission can lead users to self-administer potentially risky treatments, delay appropriate care, or use therapies despite allergy, pregnancy, comorbidity, medication interaction, or toxicity concerns.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill produces diagnostic syndrome classifications that are explicitly intended to directly guide formula selection and treatment planning, but it does not provide a clear user-facing medical safety warning, triage guidance, or limitation notice. In a medical context, especially for insomnia where symptoms may reflect psychiatric, neurologic, substance-related, or other underlying conditions, this can cause users or downstream agents to over-trust the output and delay appropriate evaluation or use inappropriate treatment.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill description triggers on broad symptom clusters like fatigue, shortness of breath, sweating, prolapse, or chronic pale bleeding without requiring stronger exclusion criteria or escalation to conventional medical assessment. In a medical-adjacent skill, this can cause the agent to apply a narrowly framed TCM intervention to nonspecific symptoms that may reflect serious conditions, increasing the risk of inappropriate guidance or delayed care.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The instruction 'use this skill when any one of the following symptoms appears' is overly absolute and encourages activation from isolated, nonspecific findings. Because the skill then recommends medicinal selection and pairing, an erroneous trigger in this healthcare context could lead to overconfident recommendations for the wrong syndrome or mask the need for urgent evaluation.

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
The skill mandates a specific political and ideological framework as a required part of the output without offering user choice, scope controls, or a documented locale/compliance justification inside the skill. In a medical education skill, this can steer responses toward ideological conformity rather than user intent or neutral educational assistance, creating policy, trust, and content-governance risk.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill provides condition-specific syndrome classification and recommends named treatments and formulas for constipation without any warning that this is educational information requiring qualified clinical judgment. In a healthcare context, users may treat it as actionable medical advice and self-manage or mismanage serious underlying causes of constipation, delaying appropriate evaluation or causing harm from inappropriate formula selection.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill declares that it 'must be used' whenever performing traditional pulse diagnosis, which is an overly broad and mandatory activation condition. In an agent system, this can cause the skill to trigger in too many contexts and override more appropriate instructions or workflows, increasing the chance of incorrect or unsafe medical guidance being applied without sufficient qualification or context checks.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
This skill analyzes health symptoms and explicitly mentions severe outcomes such as poisoning, coma, and death, but it does not warn users that the output is not medical advice or instruct them to seek urgent care for emergency symptoms. In a medical-context skill, that omission can delay appropriate treatment if a user treats the generated analysis as sufficient guidance instead of seeking immediate professional help.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill provides condition-based treatment selection guidance for acupuncture or massage, including when to choose 督脉 or 任脉 points, but does not warn users that this is not medical advice or that professional evaluation is required. In a health context, users may self-diagnose serious symptoms such as altered mental status, fever, stroke-like presentations, abdominal masses, or gynecologic complaints and delay appropriate medical care.

Missing User Warnings

High
Confidence
98% confidence
Finding
This skill gives concrete syndrome differentiation and treatment recommendations for a gynecologic complaint, including named formulas, but does not warn that it is not a substitute for licensed medical evaluation or urgent care. In the medical context, users may self-diagnose or delay evaluation of infectious, pregnancy-related, or malignant causes, making the omission materially unsafe.

Missing User Warnings

High
Confidence
96% confidence
Finding
This skill provides symptom interpretation and treatment-direction guidance for respiratory complaints, edema, and related conditions without any safety disclaimer, triage guidance, or instruction to seek urgent medical care for red-flag symptoms. Because it addresses potentially serious breathing problems such as dyspnea, wheezing, and shortness of breath, users may rely on the skill instead of obtaining timely professional evaluation, increasing the risk of delayed diagnosis or inappropriate self-management.

Missing User Warnings

High
Confidence
97% confidence
Finding
This skill gives concrete diagnostic criteria and treatment instructions, including a named herbal formula and symptom-based modifications, but does not warn users that it is not a substitute for licensed medical evaluation. In a medical context, omission of that warning can encourage self-diagnosis or inappropriate treatment, especially because respiratory symptoms may overlap with conditions requiring conventional assessment or urgent care.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The invocation description is broad and ties activation to common, nonspecific symptoms such as mood changes, menstrual irregularities, digestive issues, bleeding tendency, or edema. In a health-related skill, this can cause over-triggering and premature framing of user symptoms under a single TCM mechanism, which may crowd out safer triage or differential assessment for potentially serious conditions.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The '使用时机' section uses symptom-led triggers without clear activation boundaries, so the skill may activate for many routine complaints and infer '肝失疏泄' too readily. Because the content concerns medical interpretation, ambiguous triggering increases the risk of misclassification, delayed escalation, and reinforcing a single explanatory model for symptoms that may need conventional medical evaluation.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
This skill gives diagnostic framing and treatment-direction recommendations for potentially serious symptoms including non-traumatic bleeding, hemoptysis, hematemesis, epistaxis, heavy menstrual bleeding, and metrorrhagia, yet it does not instruct users to seek urgent medical evaluation or emergency care when appropriate. In a medical skill context, omission of escalation guidance can delay diagnosis of life-threatening causes and lead users to rely on non-emergency self-management for symptoms that require prompt professional assessment.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill's activation criteria are broad clinical conditions such as myocardial ischemia, cerebral hypoperfusion, hypertension, diabetes complications, fever, and liver injury, without strong gating for clinician oversight, severity thresholds, contraindication screening, or escalation to standard care. In a medical decision-support context, this can cause over-invocation and inappropriate reliance on a pharmacology summary for acute or serious conditions where delayed evidence-based treatment could harm patients.

Missing User Warnings

High
Confidence
97% confidence
Finding
This skill provides a structured differential-diagnosis and treatment-selection workflow, including named herbal formulas and modification guidance, but does not prominently instruct users to seek evaluation from a licensed clinician or warn against self-treatment. In a medical context, especially where symptoms may overlap with serious illness and herbal formulas can have contraindications, this can enable unsafe self-diagnosis and inappropriate treatment delays.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal