Pharmacology-PMPH-10edition

Security checks across malware telemetry and agentic risk

Overview

This text-only pharmacology skill pack has no malware-like behavior, but it gives high-risk clinical treatment guidance with inconsistent and under-scoped safety boundaries.

Treat this as a Review item, not malware. Install only for educational or clinician-reviewed reference use, and do not let it act as standalone medical advice. Before using it in any patient-facing or clinical workflow, add hard safeguards requiring qualified clinician oversight, emergency escalation, current guideline and labeling checks, and review of the inconsistent contraindication and dosing rules.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (48)

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The skill states as a precondition that patients must have no history of sudden sleep episodes, but the execution steps then treat sleep risk as only something to disclose and monitor while still proceeding with therapy. In a medication-guidance skill, this kind of internal contradiction can cause an agent or clinician to inappropriately initiate dopamine agonists in a higher-risk patient, increasing risk of accidents or patient harm.

Intent-Code Divergence

Medium
Confidence
89% confidence
Finding
The document says the drug is prohibited for patients whose work requires driving or operating machinery, yet the output still instructs to enable the drug and merely issue a no-driving warning. That inconsistency can lead a downstream agent to prescribe first and warn later, instead of recognizing that occupational dependence on driving or machinery should block or defer use.

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
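The skill defines the criteria for when labetalol is indicated versus contraindicated inconsistently in its trigger conditions, which makes it easy for users to wrongly judge the drug as usable in high-risk scenarios such as the acute phase of intracerebral hemorrhage or intravenous use in children. Medication decisions depend on clear, consistent rules; conflicts like this can directly lead to incorrect triage, wrong routes of administration, or missed contraindication review.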

Intent-Code Divergence

High
Confidence
98% confidence
Finding
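The document states in one place that labetalol can be used safely in pregnant women, and in another that it is contraindicated in pregnant women during a hypertensive crisis, which is a direct contradiction. The conflict arises in high-risk clinical scenarios (pregnancy and hypertensive crisis) and may lead to delayed appropriate treatment or to medication being wrongly withheld or administered, posing significant safety risks to both the pregnant woman and the fetus.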

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The skill describes the NCC target site as the '远曲小管近端', which is anatomically and pharmacologically inconsistent and can confuse the actual site of action. In a clinical pharmacology skill, inaccurate mechanism descriptions can mislead downstream medical reasoning, teaching, or drug-selection guidance, especially when the skill is intended for practical use.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill encodes an overly broad clinical rule that effectively treats biomarker confirmation as mandatory before all targeted small-molecule and monoclonal-antibody therapies, then blocks treatment if testing is negative or absent. In a medication-guidance skill, this can produce unsafe denials or delays of appropriate therapy for drugs and indications where such testing is not universally required, making the logic clinically hazardous rather than merely stylistically imprecise.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The note acknowledges exceptions, but the operative workflow and output decision still impose an unconditional prohibition when tests are negative or not performed. This contradiction is dangerous because downstream users or agents are likely to follow the rigid decision block instead of the caveat, leading to inappropriate withholding of therapy or refusal to consider approved non-biomarker-dependent uses.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The skill gives contradictory clinical guidance by listing thyroid cancer as an applicable scenario early on, then later stating the drug is contraindicated in thyroid cancer. In a medication-use skill, this inconsistency can directly mislead clinicians or downstream agents into selecting antithyroid therapy for an inappropriate or harmful indication, creating patient-safety risk.

Missing User Warnings

High
Confidence
96% confidence
Finding
The README presents the skill set as a source of solutions for real clinical questions and enumerates many treatment-selection, contraindication, emergency management, and dosing skills without any visible disclaimer that the content is educational and not a substitute for licensed medical judgment. In a medical context, this omission can encourage overreliance on automated guidance for patient care, increasing the risk of unsafe treatment decisions.

Missing User Warnings

High
Confidence
98% confidence
Finding
The usage section tells users they can simply ask a question and trigger precise knowledge modules, including scenarios involving emergency rescue, dosage adjustment, anticoagulation, anesthesia, and oncologic treatment selection, but it does not warn that these are high-risk domains requiring professional supervision. This framing lowers user caution and may lead non-experts to treat the skill as actionable bedside guidance rather than educational reference material.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill gives concrete androgen/anabolic prescribing and administration guidance for serious conditions, including routes, indications, and adverse-effect monitoring, but omits explicit warnings that these are prescription-only drugs requiring licensed clinician oversight and individualized risk assessment. In a medical assistant context, that omission can encourage unsafe self-medication or overconfident use despite major risks such as hepatotoxicity, cardiovascular events, endocrine effects, contraindications, and cancer-related harms.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
This medical reference provides drug mechanism, pharmacokinetic parameters, interaction notes, and special-population guidance without an explicit disclaimer that it is informational only and must not replace clinician judgment or patient-specific prescribing decisions. In a clinical pharmacology skill, users may over-rely on concise reference tables for real treatment choices, increasing the risk of inappropriate prescribing or use in pregnancy, hepatic impairment, or drug-interaction scenarios.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill gives concrete antibiotic dosing-frequency guidance based on PAE and PK/PD concepts, but it does not clearly state that this is clinical decision support requiring licensed medical oversight, patient-specific review, and local guideline verification. In a clinical context, users could overgeneralize these rules and apply them without considering infection site, renal/hepatic function, organism MIC, toxicity risks, or institutional protocols, creating a real risk of underdosing, treatment failure, resistance selection, or toxicity.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill provides step-by-step emergency poisoning management instructions, including gastric lavage, IV physostigmine dosing, diazepam use, and ventilation support, but does not prominently restrict use to licensed clinicians or supervised emergency settings. In an agent context, this creates a real risk that lay users could follow invasive or time-critical interventions without proper diagnosis, monitoring, airway support, or contraindication checks, leading to serious injury or death.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill gives direct treatment and post-exposure prophylaxis guidance for an antiviral without any warning that clinical use depends on diagnosis, timing, contraindications, drug interactions, pregnancy status, resistance patterns, and professional judgment. In a medical skill, presenting a definitive recommendation can cause unsafe self-medication or overconfident use by an agent, especially because prophylaxis and treatment decisions are patient-specific and regulated.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill gives operational guidance to initiate blinatumomab therapy and continuous IV infusion, but omits explicit warnings that this is a high-risk specialist treatment requiring oncology/hematology oversight, protocolized monitoring, and management readiness for severe toxicities such as cytokine release syndrome and neurotoxicity. In a clinical-assistant context, presenting these steps as straightforward execution guidance can encourage unsafe use by non-specialists or outside appropriate care settings.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger conditions are broad enough to overlap with common medical consultation scenarios, which can cause the skill to activate in situations where narrower specialist logic would be safer. In a clinical pharmacology context, mis-triggering can expose users to immunosuppressant guidance without sufficient diagnostic, language, or workflow gating, increasing the chance of inappropriate recommendations.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger conditions are broad enough to activate on common neurological or psychiatric symptom descriptions and then provide condition inference plus medication direction. In a clinical-pharmacology skill, this increases the chance of inappropriate routing, overconfident disease association, and unsafe drug suggestions for users who may not fit the intended scope or may require urgent in-person evaluation.

Missing User Warnings

High
Confidence
96% confidence
Finding
This skill provides concrete medication-selection guidance for Parkinson's disease, including contraindications, monitoring intervals, and treatment outputs, but it does not warn users that the content is not a substitute for clinician judgment. In a medical context, omission of that safeguard can cause users to follow the algorithm as definitive advice despite patient-specific factors, comorbidities, drug interactions, and evolving clinical guidelines.

Missing User Warnings

High
Confidence
98% confidence
Finding
This is a true safety vulnerability because the skill provides concrete anticoagulant reversal instructions for warfarin, including vitamin K dosing and blood product use, without prominently warning that this is high-risk medical guidance requiring licensed clinician oversight and urgent emergency evaluation for severe bleeding. In an agent setting, users may treat the steps as direct treatment advice, which could delay emergency care or lead to harmful under- or over-correction of anticoagulation.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill provides actionable guidance for designing chemotherapy sequencing based on tumor growth fraction and cell-cycle distribution, but it does not clearly state that the content is educational reference material and not a substitute for oncologist judgment, institutional protocols, and patient-specific assessment. Because chemotherapy regimen selection is high-risk and depends on diagnosis, staging, organ function, prior therapies, comorbidities, drug interactions, and toxicity monitoring, an agent could over-trust this generic framework and generate unsafe treatment recommendations.

Natural-Language Policy Violations

Medium
Confidence
91% confidence
Finding
The skill is entirely written in Chinese with no explicit language selection or user opt-in, which can cause operators or upstream agents to misinterpret contraindication logic in a medication safety workflow. In a clinical pharmacology skill, misunderstanding eligibility or contraindications for dronedarone could lead to inappropriate treatment recommendations, so the language-only design creates a real safety and security risk through misuse.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill gives medication-interaction warnings and suggests dose adjustment, drug substitution, and enhanced monitoring, but it does not state that these outputs are advisory only and must be verified by a licensed clinician or pharmacist. In a clinical context, users may over-trust the recommendation and act on it directly, creating a realistic risk of patient harm from incorrect or incomplete interaction assessment.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This skill provides clinical seizure classification output intended to guide antiepileptic drug selection, but it does not warn that the result is not a substitute for clinician judgment or urgent medical evaluation. In a high-risk medical context that explicitly includes status epilepticus as an emergency, omission of escalation and professional-review language can contribute to delayed emergency care, misclassification, and unsafe treatment decisions.

Missing User Warnings

High
Confidence
97% confidence
Finding
This skill provides concrete fluoxetine dosing-adjustment guidance based on hepatic and renal function, but it lacks an explicit warning that the output is for qualified clinician use and must be independently verified before any treatment change. In a medication-management context, users may over-trust the instructions and alter antidepressant therapy without considering the full clinical picture, creating risk of toxicity, withdrawal issues, therapeutic failure, or drug-interaction harm.

VirusTotal

64/64 vendors flagged this skill as clean.
