Internal-Medicine-PMPH-10edition

Security checks across malware telemetry and agentic risk

Overview

The skill does not look malicious, but it needs review because it can provide high-risk medical procedures, medication guidance, and patient-data workflows without consistent safeguards inside the actual skill modules.

Install only in a clinician-supervised or medical-education setting. Do not let the agent turn these modules into autonomous treatment orders, medication changes, emergency instructions, or patient-facing advice; require licensed clinical review, local guideline checks, and privacy controls before entering identifiable patient data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (101)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill declares no permissions, yet analysis indicates file_read and file_write capabilities. That mismatch is dangerous because users and the platform cannot accurately assess what the skill can access or modify, and hidden filesystem access can be abused for data exposure or tampering.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The declared purpose is a clinical internal-medicine skill, but the detected behavior includes scanning local skill manifests, generating an index, listing skills, searching metadata, and counting installed skills. This is a significant description-behavior mismatch because it suggests undisclosed local enumeration and file generation capabilities unrelated to the advertised medical function, which could expose system structure or enable unauthorized inventorying of other skills.

Missing User Warnings

High
Confidence
98% confidence
Finding
This skill provides a detailed 72-hour fasting test workflow, including medication stoppage and biochemical monitoring thresholds, but does not explicitly state that the protocol must only be performed under qualified clinical supervision in an appropriate medical setting. Because prolonged fasting and stopping medications can precipitate severe hypoglycemia or worsening of underlying disease, the omission creates a meaningful risk of unsafe self-administration or misuse by unqualified operators.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill gives direct acute heart failure treatment instructions, including vasodilators, diuretics, inotropes, volume expansion, and possible mechanical support, but provides no explicit warning that this is for qualified clinicians only and not a substitute for specialist judgment. In a safety-critical medical context, overly simplified or context-incomplete treatment guidance can lead to harmful treatment selection, especially for unstable patients with shock, mixed etiologies, valvular disease, arrhythmia, ACS, or contraindications.

Missing User Warnings

High
Confidence
97% confidence
Finding
This skill provides concrete high-risk medical interventions, including urate-lowering drugs, IV hydration, urine alkalinization, diuretics, and dialysis triggers, but does not clearly state that it is intended only for qualified clinicians and cannot replace individualized medical judgment. In a clinical-agent setting, omission of that warning increases the chance that users or downstream systems may apply the guidance without considering contraindications, comorbidities, monitoring needs, or current guideline nuances, creating patient safety risk.

Missing User Warnings

High
Confidence
94% confidence
Finding
This skill gives specific β-blocker initiation and IV metoprolol dosing instructions for acute myocardial infarction, including titration thresholds and conversion to oral therapy, but it does not clearly state that the content is for qualified clinicians and not a substitute for bedside judgment, monitoring capability, or local protocols. In a time-critical ACS setting, omission of a prominent safety warning can increase the chance that non-expert users or automated systems apply the guidance inappropriately, potentially causing bradycardia, hypotension, cardiogenic shock, or delayed escalation of care.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill gives concrete clinician-grade medication instructions for acute pancreatitis, including continuous IV infusion, exact dosing, timing, tapering, and response assessment, but it does not clearly state that this is professional-use guidance requiring licensed medical supervision. Because the content could be surfaced directly to end users, it creates a meaningful risk of unsafe self-medication, misuse by unqualified operators, or overconfident reliance on a simplified protocol in a high-acuity condition.

Missing User Warnings

High
Confidence
97% confidence
Finding
This skill gives step-by-step instructions for gastric lavage, an invasive, high-risk procedure, but does not clearly state that it must only be performed by qualified clinicians with airway protection, monitoring, and resuscitation capability. In this context, omission of those safeguards is dangerous because users may treat the protocol as generally actionable, increasing the risk of aspiration, perforation, hypoxia, or use in contraindicated patients.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
This skill provides differential diagnosis and testing guidance for acute upper respiratory symptoms without any clear warning that the content is informational and not a substitute for clinician evaluation. In a medical context, users may over-rely on the workflow for self-diagnosis or delay care for serious conditions such as influenza complications, pneumonia, severe bacterial infection, or rash-associated infectious disease.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly handles extensive patient health data, including medical history, imaging, genomics, and unstructured clinical notes, but provides no privacy, consent, retention, de-identification, or transmission safeguards. In a clinical context, this omission is dangerous because it can lead users to input highly sensitive regulated health information into AI workflows without clear boundaries or protections, increasing the risk of data leakage, noncompliant processing, or unauthorized disclosure.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill gives exact induction-treatment dosing for high-risk immunosuppressive therapy, including glucocorticoids, cyclophosphamide, rituximab selection, pulse methylprednisolone, and plasma exchange criteria, without an explicit clinician-only warning, contraindication checks, monitoring requirements, or a statement that specialist judgment is required. In this context, misuse could cause severe patient harm because these drugs have narrow safety margins and are used in life-threatening vasculitis where renal function, infection status, fertility risk, and diagnostic certainty materially affect treatment choice.

Missing User Warnings

High
Confidence
92% confidence
Finding
This file contains specific antiarrhythmic drug doses, infusion rates, contraindications, and emergency-response thresholds, but it does not clearly state that the material is for licensed clinicians and cannot be used as standalone treatment guidance. In a skill that auto-matches clinical questions, this increases the chance that users or downstream agents may treat the reference as authoritative prescribing instructions without patient-specific checks, creating real risk of overdose, contraindicated use, QT prolongation/TdP, or inappropriate arrhythmia management.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill recommends urgent echocardiography based primarily on auscultation-derived severity cues, but it does not clearly warn that bedside murmur characterization is only a preliminary screening aid and can be unreliable in low-output states, arrhythmias, obesity, poor exam conditions, or atypical valvular disease. In a medical triage context, overstating certainty from physical exam findings can contribute to misprioritization, unnecessary urgent testing, or missed alternative diagnoses if users treat the guidance as definitive.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger condition "当临床诊断为AA或SAA时触发本技能" ("trigger this skill when the clinical diagnosis is AA or SAA") is too broad for a high-risk medical treatment skill because it can activate on general disease mentions without confirming care setting, clinician role, patient age, prior therapies, contraindications, or need for specialist oversight. In this context the skill contains concrete drug dosing for aplastic anemia, so overbroad activation materially increases the chance that treatment recommendations are surfaced inappropriately or to unqualified users.

Missing User Warnings

High
Confidence
98% confidence
Finding
This skill gives direct medication names, doses, titration schedules, and administration instructions for a life-threatening hematologic disorder without an explicit warning that these decisions require licensed hematology oversight. Because AA/SAA treatment depends on severity, age, transplant candidacy, prior IST response, liver function, pregnancy status, infection risk, and close laboratory monitoring, presenting these instructions without strong safeguards could lead to harmful self-treatment, incorrect clinician use, or delayed appropriate care.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill gives treatment-escalation guidance such as intensified statin therapy, dual antiplatelet therapy, and possible revascularization without explicitly stating that the output is only decision support and must be confirmed by a qualified clinician. In a medical skill handling plaque instability and acute cardiovascular risk, omission of this warning can encourage overreliance on the model output and contribute to inappropriate or harmful treatment decisions.

Vague Triggers

Low
Confidence
83% confidence
Finding
The trigger condition is broad enough that the skill could be invoked for rhythms beyond classic atrial flutter or atrial fibrillation, because 'P wave disappearance and abnormal rhythm' is not specific and several arrhythmias or artifact patterns can present similarly. In a clinical decision-support context, that overbroad routing can lead to premature narrowing of the differential diagnosis and downstream misclassification, especially if users rely on the skill output for urgent ECG interpretation.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly states its output is used to guide clinical treatment decisions, but it does not include any warning that the result is informational only or that a licensed clinician must verify ECG interpretation in clinical context. In a medical workflow, misclassification of AV block severity or level can directly influence urgent management decisions such as monitoring, escalation, pacing evaluation, or medication adjustment, increasing patient safety risk.

Missing User Warnings

High
Confidence
96% confidence
Finding
This skill provides deterministic ECG-based classification guidance for AVRT and related conduction abnormalities without any visible user-facing warning that it is educational support rather than definitive clinical advice. In a clinical context, users may over-rely on the output for arrhythmia diagnosis, and the simplified rules here risk misclassification of wide-complex tachycardias or pre-excited arrhythmias, which can directly affect urgent treatment decisions and patient safety.

Missing User Warnings

High
Confidence
96% confidence
Finding
This skill provides a clinical diagnostic scoring workflow and states that a total score can diagnose Behçet disease, but it does not include any warning that the content is decision support rather than a substitute for clinician judgment. In a medical context, omission of safety boundaries can lead users to over-trust the checklist, miss differential diagnoses, or apply it without appropriate examination and exclusion workup, creating direct patient-safety risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This skill addresses suspected benzene and aniline poisoning, including clinically significant conditions such as methemoglobinemia, hemolysis, organ injury, and leukemia risk, but it does not clearly warn that the output is informational only and not a substitute for urgent medical evaluation. In a poisoning context, users may rely on mechanistic analysis instead of seeking immediate care, which can delay time-sensitive treatment and increase the risk of serious harm.

Missing User Warnings

High
Confidence
95% confidence
Finding
The skill gives actionable acute-management advice for life-threatening CAR-T complications, including when to administer tocilizumab and corticosteroids, but does not explicitly require specialist oversight, confirmation against local protocols, or emergency escalation. In a high-risk oncology setting, omission of these safeguards can lead users to over-rely on the skill, causing delayed recognition of infection or inappropriate treatment of CRS versus isolated ICANS.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill provides a detailed operational workflow for CAR-T therapy, including lymphodepletion dosing, cell collection, manufacturing, infusion, and post-infusion monitoring, but it does not clearly state that this content is for qualified multidisciplinary clinical teams only and cannot substitute for specialist judgment, institutional protocols, product labeling, or regulatory requirements. Because CAR-T is a highly specialized, high-risk intervention with potentially life-threatening complications such as CRS and ICANS, omission of explicit guardrails materially increases the risk of unsafe or out-of-scope use.

Missing User Warnings

High
Confidence
97% confidence
Finding
This skill provides step-by-step defibrillation guidance for cardiac arrest, which is a high-risk emergency medical procedure, but it does not explicitly warn that it is intended for trained responders or that emergency services and local resuscitation protocols must be followed. In a real-world emergency, omission of these guardrails can encourage untrained users to over-rely on the skill, misapply defibrillation, or delay calling for professional help, increasing the risk of serious harm or death.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This skill provides clinical classification and treatment-directing guidance for central hyperventilation etiologies, including potentially life-threatening causes such as brain lesions, toxic ingestions, shock, and severe hypoxemia, but it does not warn users that it is not a substitute for clinician judgment or emergency evaluation. In a medical skill, omission of this warning can lead users to over-rely on the output, delay urgent care, or apply the classification inappropriately, increasing the risk of patient harm.

VirusTotal

65/65 vendors flagged this skill as clean.
