Medical Imaging 9th Edition

Security checks across malware telemetry and agentic risk

Overview

This is a text-only medical imaging skill set with no malware signal, but it needs Review because it gives high-risk medical diagnosis, treatment, emergency, and invasive procedure guidance without consistent clinician-only, safety, and privacy guardrails.

Install only if this will be used as educational or clinician-reviewed medical reference material. Do not use it for self-diagnosis, emergency triage, medication dosing, treatment initiation, or performing procedures without qualified clinical oversight and institutional protocols. Avoid entering identifiable patient information or image metadata unless your organization permits it and the data is properly de-identified.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (22)

Missing User Warnings

High
Confidence: 93%
Finding
This index prominently exposes many invasive and interventional radiology skills, including puncture, embolization, stenting, TIPS, EVAR/TEVAR, and hemostatic procedures, but provides no visible safety disclaimer that these are high-risk clinical actions requiring licensed supervision and patient-specific judgment. In a medical skill catalog, omission of such guardrails can facilitate overreliance by unqualified users or use outside appropriate clinical settings, increasing the chance of patient harm.

Missing User Warnings

Medium
Confidence: 89%
Finding
The usage section instructs users to invoke skills directly by name, but does not warn against submitting identifiable patient data even though many listed skills depend on clinical images, diagnoses, and treatment context. That omission can lead users to paste protected health information or imaging metadata into the system without de-identification, creating privacy, compliance, and data-governance risk.

Missing User Warnings

Medium
Confidence: 96%
Finding
The catalog explicitly includes invasive interventional radiology procedures such as vascular puncture, embolization, TIPS, PTCD, and vertebroplasty, yet the top-level skill file provides no safety disclaimer that this material is educational and not appropriate as standalone procedural guidance. In a medical context, omission of such framing can encourage unsafe reliance by unqualified users or use without proper supervision, increasing risk of patient harm.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill provides step-by-step guidance for emergency interventional hemostasis, including embolization, vasopressin infusion, and covered stent placement, but does not prominently warn that these are high-risk specialist procedures with potentially irreversible consequences such as spinal cord ischemia, organ infarction, contrast reactions, and death. In an agent setting, this omission can make unsafe procedural guidance appear routine or generally actionable, increasing the risk of misuse by underqualified users or use without adequate supervision and informed consent context.

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger conditions are broad and loosely bounded, including generic phrases such as '智能预约/扫描/诊断/报告' and '医学影像工作流优化'. In an agent environment, this can cause the skill to activate in unintended contexts, leading the system to provide AI-enabled medical workflow guidance when the user did not explicitly request this specific skill, which is more sensitive because it concerns clinical imaging processes.

Missing User Warnings

High
Confidence: 97%
Finding
This skill provides triage-like guidance to distinguish benign from malignant bone tumors and explicitly advises whether biopsy or emergency intervention may be needed, but it contains no clinician-only restriction, uncertainty warning, or requirement for specialist confirmation. In a medical context, such omission is dangerous because users may over-trust preliminary imaging heuristics and make delayed, inappropriate, or urgent care decisions based on incomplete information.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill gives stepwise guidance for selecting cardiovascular imaging, including direct escalation to invasive procedures such as coronary angiography in emergencies, but it does not explicitly state that these decisions must be made by qualified clinicians in appropriate care settings. In a medical skill, omission of supervision and anti-self-use warnings can enable unsafe overreliance or misapplication, especially because the content appears operational and authoritative.

Vague Triggers

Medium
Confidence: 78%
Finding
The trigger condition activates on 'any discomfort symptoms' during contrast administration, which is overly broad and can cause the skill to be invoked for nonspecific or unrelated symptoms. In a medical workflow, such ambiguity can lead to unnecessary emergency escalation, inappropriate interruption of imaging, or misclassification of benign expected sensations as adverse reactions.

Missing User Warnings

High
Confidence: 95%
Finding
The skill provides concrete emergency drug dosing and invasive interventions such as epinephrine injection, dexamethasone administration, ACLS, CPR, and tracheotomy/tracheostomy-related action without an explicit warning that it is for licensed clinicians operating under institutional protocols. Because this is high-acuity medical content, omission of qualification and safety constraints increases the risk of unsafe use by untrained users or use outside proper monitoring and resuscitation settings.

Missing User Warnings

High
Confidence: 97%
Finding
The skill discusses thresholds that may indicate clinically significant ischemia and even acute myocardial infarction, and says the output will be used to assist treatment decisions, but it provides no explicit warning that it is not a substitute for urgent medical evaluation. A user could over-rely on the rule-based output, delay emergency care for ongoing chest pain, or self-triage incorrectly, which is especially dangerous in possible ACS/MI scenarios.

Missing User Warnings

High
Confidence: 96%
Finding
The skill presents imaging findings as a direct activity scoring output that will 'guide treatment decisions' without any limitation statement that it is educational support only and not a standalone basis for diagnosis or management. In a medical context, this can encourage overreliance on a simplified imaging-only rule set, potentially leading to misclassification of Crohn's disease activity or missed differential diagnoses such as intestinal tuberculosis and lymphoma.

Natural-Language Policy Violations

Medium
Confidence: 91%
Finding
The skill explicitly requires inclusion of a specific political/ideological framework as part of how the task must be performed, without presenting it as optional or user-directed. In an agent setting, this can bias outputs, override user neutrality expectations, and create compliance or viewpoint-enforcement behavior unrelated to the core medical-imaging editing task.

Missing User Warnings

High
Confidence: 97%
Finding
The skill gives clinical management recommendations such as starting anti-tuberculosis treatment or proceeding to biopsy/follow-up without an explicit limitation that the content is decision support only and must be confirmed by a qualified clinician. In a medical-imaging skill, this is especially risky because users may over-trust the workflow and act on imaging features alone, leading to mistreatment, delayed cancer diagnosis, or unsafe treatment initiation.

Missing User Warnings

High
Confidence: 97%
Finding
The skill gives step-by-step instructions for an invasive vascular access procedure involving arterial puncture, guidewire insertion, and sheath placement, but it does not include strong warnings about hemorrhage, arterial dissection, infection, embolic complications, radiation exposure, sterile technique, contraindications, or the requirement for trained clinicians in a controlled medical setting. Because this is a high-risk procedure, presenting it as an actionable workflow without explicit supervision and safety constraints could enable unsafe real-world use by unqualified users.

Missing User Warnings

High
Confidence: 95%
Finding
The skill provides step-by-step instructions for a highly invasive interventional radiology procedure but does not clearly state that it is only for licensed, trained specialists operating in an appropriate clinical setting. Because the content is procedural and actionable, an unqualified user could misinterpret it as sufficient guidance and attempt unsafe medical action, creating serious patient harm risk.

Missing User Warnings

Medium
Confidence: 95%
Finding
This skill provides medical image interpretation guidance that could be used by non-professionals to draw diagnostic conclusions, but it does not clearly state that the content is educational/supportive only and not a substitute for qualified clinical judgment. In a medical context, omission of that warning increases the risk of overreliance, misinterpretation, delayed care, or inappropriate reassurance based on limited X-ray findings and the skill's simplified decision cues.

Missing User Warnings

Medium
Confidence: 94%
Finding
This skill provides structured medical image interpretation and instructs the agent to output an integrated diagnostic conclusion with a certainty level, but it does not include any user-facing warning that the output is informational only and not a substitute for licensed clinical judgment. In a medical context, omission of such guardrails can encourage overreliance on automated diagnostic guidance, increasing the risk of delayed care, misdiagnosis, or inappropriate self-management.

Missing User Warnings

Medium
Confidence: 94%
Finding
This skill provides structured medical diagnostic guidance and recommends consequential actions such as issuing a malignancy alert and suggesting biopsy, but it does not clearly state that the output is decision support only and must not replace clinician judgment. In a clinical context, omission of that warning can cause users to over-trust the skill as an authoritative diagnostic workflow, increasing the risk of misdiagnosis, delayed care, or unnecessary invasive procedures.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill provides detailed diagnostic classification output for diffuse gliomas, including WHO grading and molecular subtype predictions, but does not clearly state that these results are only decision support and must be confirmed by specialist radiology, neuropathology, and molecular testing. In this medical context, omission of that warning can lead users to over-trust imaging-based output and act on an unconfirmed diagnosis, creating a real patient-safety risk.

Missing User Warnings

High
Confidence: 95%
Finding
The skill recommends starting treatment, escalating workup, and considering invasive diagnostics based on report categories without an explicit requirement for independent clinician verification, patient-specific contraindication review, or informed risk-benefit assessment. In a medical setting, this can cause premature treatment, unnecessary invasive procedures, or missed alternative diagnoses if users over-trust the workflow as authoritative.

Missing User Warnings

High
Confidence: 96%
Finding
The skill gives prescriptive instructions for invasive airway interventions, including device sizing and procedural execution, but does not clearly state that it is for trained clinicians only or that it cannot replace specialist judgment, bronchoscopy/interventional pulmonology standards, and institution-specific protocols. Because these are high-risk procedures involving potential airway rupture, hemorrhage, and respiratory compromise, omission of this warning increases the chance of unsafe reliance by unqualified or insufficiently supervised users.

Missing User Warnings

High
Confidence: 98%
Finding
The skill provides step-by-step instructions for an invasive balloon dilation procedure that can cause vessel dissection, rupture, thrombosis, bleeding, infection, or organ injury, yet it contains no warning that it is for trained clinicians only and no requirement for supervised clinical use. In a broadly accessible agent skill, this omission increases the risk that unqualified users may treat the instructions as actionable medical guidance despite the procedure's high acuity and need for imaging, sterile technique, emergency readiness, and patient-specific judgment.

VirusTotal

64/64 vendors flagged this skill as clean.
