ClawHub

Histology and Embryology-PMPH-10edition

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate-looking medical education skill pack, but several subskills give direct clinical treatment, diagnosis, and lab-procedure guidance without enough runtime safety boundaries.

Install only if you intend to use it as an educational/reference aid. Do not rely on it for diagnosis, treatment, pregnancy decisions, medication or immunotherapy selection, surgical timing, transfusion decisions, emergency care, or hazardous lab work without qualified professional oversight and current local guidelines.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (11)

Context-Inappropriate Capability

High
Confidence
81% confidence
Finding
Several listed skills claim to evaluate treatment feasibility, monitor safety, or formulate management strategies, which materially exceeds a textbook-reference role. In an agent setting, that kind of broad clinical-action framing can lead to overconfident medical guidance without sufficient safeguards, creating real patient-safety risk if users rely on it as decision support.

Context-Inappropriate Capability

High
Confidence
84% confidence
Finding
Skills that claim to guide transplantation, tissue repair, or postnatal intervention cross from descriptive education into actionable medical intervention advice. In this context, the skill set is presented as a broad, easy-to-invoke collection, which makes unsafe reliance more likely and increases the chance of inappropriate or unsupervised medical recommendations.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This is a medical education skill pack covering histology, embryology, congenital malformations, diagnosis-related topics, and clinical associations, yet it lacks a clear disclaimer that the material is educational only and not a substitute for professional clinical judgment. That omission can cause users to over-trust generated outputs for real patient care, especially because several listed skills sound diagnostic or management-oriented.

Natural-Language Policy Violations

Medium
Confidence
92% confidence
Finding
The skill explicitly requires adherence to a specific political-ideological framework and presents it as mandatory, without user choice, scope limitation beyond a narrow textbook workflow, or neutral framing. In an agent setting, this can bias outputs, suppress plural or user-directed perspectives, and create compliance risks if the skill is applied outside its intended policy-bound editorial context.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill gives direct recommendations for high-risk, irreversible medical interventions, including prenatal invasive procedures, pregnancy termination, and neonatal shunt surgery, without an explicit safety warning, specialist-only restriction, or instruction to defer to urgent clinical evaluation and formal guidelines. In an agent setting, this could cause users to treat the content as actionable medical advice and pursue dangerous decisions without appropriate diagnostic confirmation, informed consent, or multidisciplinary oversight.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill gives concrete medical guidance on preconception counseling, prenatal screening/diagnostics, and postnatal or even intrauterine interventions, but it does not warn that the output is informational only and must not replace licensed obstetric, genetic, neonatal, or public-health clinical judgment. Because the content includes timing-sensitive and high-stakes recommendations that could influence pregnancy management and invasive procedures, users may over-rely on the agent and make unsafe decisions without appropriate professional supervision.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill gives actionable specimen-preparation steps involving toxic and hazardous substances such as glutaraldehyde, osmium tetroxide, uranyl acetate, and lead citrate, but it does not provide any user-facing safety warning, PPE guidance, ventilation requirements, waste-disposal instructions, or restriction to trained laboratory settings. In a practical lab-oriented skill, this omission can lead users to handle volatile, toxic, and heavy-metal reagents unsafely, increasing the risk of inhalation, skin/eye exposure, contamination, and regulatory violations.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill provides quasi-clinical guidance for assessing epithelial regeneration and explicitly suggests intervention strategies such as stem cell transplantation and basement membrane protection, but it contains no warning that it is educational only, not medical advice, and requires qualified clinical oversight. In a safety-sensitive medical context, this omission can lead users to apply simplified textbook rules to real patients, risking inappropriate treatment decisions, delayed care escalation, or unsafe self-management.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The invocation rule is overly broad and effectively allows loose semantic matching for skill activation without strong boundaries or exclusion criteria. In an agent environment, this can cause unintended routing into specialized medical or intervention-oriented skills, increasing the risk of inappropriate outputs or bypass of narrower safety expectations.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill recommends limbal stem cell transplantation for severe ocular surface disease without clearly warning that this is a specialist ophthalmic procedure requiring formal diagnosis, surgical qualification, and perioperative management. In a medical guidance context, omission of explicit safety boundaries can enable unsafe self-triage or overconfident non-specialist use, potentially leading to delayed appropriate care or harmful treatment decisions.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill gives treatment-selection guidance for PD-1/PD-L1 inhibitor use and frames an actionable recommendation ('可考虑使用') without a clear user-facing disclaimer that it is informational only and not a substitute for oncologist evaluation. In a medical skill, this can encourage overreliance on simplified criteria such as PD-L1 expression and T-cell infiltration while omitting broader clinical factors, contraindications, adverse effects, and guideline-based decision-making.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal