
Security audit

Epidemiology of Infectious Diseases-PMPH-10edition

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real infectious-disease reference skill, but it needs Review because it contains actionable clinical treatment, dosing, critical-care, invasive-procedure, and bioweapon-classification guidance without consistent runtime safety limits.

Install only if you intend to use it as supervised educational or clinician-reviewed reference material. Do not rely on it for self-diagnosis, prescribing, dosing, emergency care, invasive procedures, public-health response, or bioweapon-risk decisions without qualified medical/public-health oversight and current local guidelines.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (61)

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The file is materially out of scope for a clinical infectious-disease skill: it organizes pathogens explicitly under bioweapon-style A/B/C threat categories and includes operationally sensitive framing about release consequences, environmental persistence, and large-scale emergency response. In a medical-reference skill, this creates dual-use misuse value and broadens the skill from diagnosis/treatment into threat-oriented biological agent profiling.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The flagged section includes weaponization-oriented attributes such as aerosolizability, lethality, and rapid spread in the context of '作为生物武器特点' ("characteristics as a biological weapon"), which is not necessary for ordinary clinical care. That kind of framing increases harmful capability by helping users compare agents for mass-casualty misuse rather than supporting bedside diagnosis or treatment.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
This is a real safety weakness for a medical-reference skill because the README encourages users to 'just ask a question and get the answer directly from the textbook' before clearly warning that the material is educational only. In a clinical context, delayed or buried disclaimers can increase the chance that users over-rely on the skill for diagnosis or treatment decisions without professional judgment.

Missing User Warnings

High
Confidence
95% confidence
Finding
This skill catalog provides extensive clinical diagnosis, treatment, emergency management, antimicrobial use, and invasive procedure guidance, but it does not clearly warn that the material is for trained clinicians and not a substitute for professional medical judgment. In a high-risk medical domain, omission of such guardrails can lead to misuse by unqualified users, unsafe self-treatment, delayed care, or overreliance on the agent for urgent decisions.

Missing User Warnings

High
Confidence
97% confidence
Finding
The file provides detailed IV fluid compounding formulas, electrolyte composition, infusion volumes, and drip rates for cholera, including pediatric adjustments, without any caution that this is high-risk medical content requiring trained clinical judgment. Errors in IV fluid selection, potassium administration, concentration, or rate can cause severe harm such as arrhythmia, fluid overload, osmotic/electrolyte derangement, or death, especially if reused outside a supervised clinical setting.

Missing User Warnings

High
Confidence
96% confidence
Finding
This skill includes specific corticosteroid dosing, tapering, duration, and treatment criteria for SARS without any visible limitation that the content is for licensed clinicians using current guidelines and patient-specific judgment. Because the agent is instructed to operationalize this into care guidance, a user could treat it as direct prescribing advice, which is especially dangerous given respiratory infections, steroid risks, contraindications, and the possibility that portions of the guidance may be outdated.

Missing User Warnings

High
Confidence
98% confidence
Finding
The output requirements explicitly tell the agent to produce treatment decisions, steroid-use determinations, dosing/de-escalation orders, severity classification, and admission recommendations, but provide no safety disclaimer, role restriction, or requirement for clinician confirmation. In a high-risk medical domain, that creates a realistic path for unsafe autonomous or patient-facing recommendations that could directly affect triage, ventilation decisions, steroid exposure, and antiviral/antimicrobial management.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill provides actionable guidance for an invasive drainage procedure and intralesional drug administration without an explicit warning that this is a high-risk medical intervention requiring qualified clinicians, sterile technique, imaging guidance, and emergency backup. In a general-purpose agent setting, omission of those safeguards could enable unsafe reliance by unqualified users and increase the risk of hemorrhage, perforation, infection spread, medication misuse, or delayed escalation of care.

Missing User Warnings

High
Confidence
97% confidence
Finding
The file provides detailed anthrax treatment regimens, dosing, routes, duration, and special-population adjustments without any explicit warning that this material is intended for qualified clinicians and must not be used as standalone medical advice. Because anthrax is a high-severity infectious disease and these instructions could be misapplied by non-professionals or used without full clinical context, the absence of a supervision warning materially increases the risk of harmful self-treatment, delayed care, or medication misuse.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill provides operational instructions for human anthrax vaccination and emergency vaccination in outbreak settings without explicitly restricting use to qualified public health or clinical professionals under current local protocols. Because anthrax is a high-consequence infectious disease and vaccine products, indications, routes, and schedules are jurisdiction-specific, omission of safety/authority constraints could enable unsafe or unauthorized medical action.

Missing User Warnings

High
Confidence
95% confidence
Finding
The skill gives actionable guidance on isolation, contact observation, carcass disposal, and formaldehyde disinfection for anthrax without clearly stating that these are hazardous response activities requiring trained authorities, biosafety controls, and legal oversight. In the context of a serious zoonotic pathogen, such instructions can be misapplied by untrained users, causing exposure, environmental contamination, or improper public health handling.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger logic is overly broad and activates on generic medication-related keywords such as PK/PD, probiotics, vancomycin, and fecal transplant terms without requiring confirmation of clinical context. In a medical-treatment skill, unintended invocation can surface high-risk therapeutic recommendations in irrelevant or low-information situations, increasing the chance of unsafe or misapplied guidance.

Missing User Warnings

High
Confidence
98% confidence
Finding
This skill provides concrete antimicrobial selection, dosing strategy, organ-function adjustment, pregnancy considerations, and FMT prioritization without any explicit warning that the output is informational and must not replace clinician judgment. Because the content directly affects diagnosis-adjacent and treatment decisions in a high-stakes healthcare context, users may over-trust the guidance and apply it without patient-specific review, causing serious harm.

Missing User Warnings

High
Confidence
96% confidence
Finding
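This file provides a large amount of high-risk, directly actionable content, including antimicrobial dosing, combination regimens for resistant organisms, hepatic and renal function adjustments, and key points of FMT procedure, but it has no prominent user-facing warning, indication boundaries, contraindication statements, or a restriction such as "for use by qualified clinicians only". If such content is applied directly by non-professional users, junior staff, or without individualized patient information, it may lead to serious medication errors, toxicity, inappropriate combinations, worsening resistance, and even patient harm from FMT-related transmission of infection.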

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This skill provides diagnostic triage guidance for a life-threatening condition without an explicit warning that it is not a substitute for urgent medical evaluation and emergency treatment. In the context of suspected botulism, omission of that warning can delay antitoxin access, airway monitoring, and hospital referral, increasing the risk of respiratory failure and death.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly instructs the agent to output assessment results that guide fluid resuscitation, correction of acidosis, and potassium replacement, but it does not clearly warn that this is clinical decision support requiring qualified medical supervision. In a cholera dehydration context, incorrect or over-trusted output could lead to harmful treatment decisions, including inappropriate rehydration or electrolyte correction, which can rapidly endanger patients.

Missing User Warnings

High
Confidence
97% confidence
Finding
This file provides concrete safety-critical ventilator, prone-positioning, and ECMO parameter guidance that could be acted on directly, yet it contains no warning that it is reference material for trained clinicians and not a substitute for bedside assessment, local protocols, or specialist oversight. In a clinical skill focused on severe COVID respiratory failure, omission of such guardrails increases the risk of misuse by unqualified users or inappropriate application to patients with differing physiology, causing serious harm or death.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger logic is overly broad and activates on generic medical keywords such as sepsis, fluids, norepinephrine, liver failure, and blood purification without clear role, context, or exclusion criteria. In a high-risk clinical skill, this can cause the agent to surface dangerous treatment guidance in inappropriate conversations, increasing the chance of unsafe or out-of-scope medical advice.

Missing User Warnings

High
Confidence
98% confidence
Finding
The file contains detailed ICU treatment instructions, dosing, hemodynamic targets, anticoagulation, and device operation steps for septic shock and artificial liver support, but provides no warning, limitation, or requirement for specialist supervision. Because these are invasive, time-sensitive, and potentially outdated clinical directives, presenting them without safeguards could directly contribute to patient harm if followed by unqualified users or applied in the wrong setting.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill instructs that every confirmed pulmonary cryptococcosis patient must undergo lumbar puncture and explicitly says there are no exceptions, but it provides no safety screening, contraindications, escalation path, or warning that lumbar puncture is invasive and may be harmful in some patients. In a clinical decision skill, presenting an unconditional invasive procedure rule can cause unsafe medical recommendations, especially if used by non-specialists or outside the intended guideline context.

Missing User Warnings

High
Confidence
97% confidence
Finding
This skill provides concrete high-risk medical treatment guidance for diphtheria antitoxin, including dose selection, timing, route, and allergy handling, but it does not clearly require licensed-clinician supervision, emergency readiness, or verification against current local/national protocols and product labeling. In the medical context, omission of these safeguards can lead to unsafe self-administration, incorrect dosing, inappropriate route selection, or delayed definitive airway and antimicrobial management, creating serious risk of patient harm.

Missing User Warnings

High
Confidence
98% confidence
Finding
The document provides concrete dosing and fluid-resuscitation instructions for fulminant meningococcal shock, including vasoactive drugs, anticoagulation, steroids, and pediatric weight-based dosing, but contains no warning that this is professional reference material requiring qualified clinical judgment. In a general-purpose agent skill, users could treat this as direct medical advice, and several recommendations are highly consequential if outdated, misapplied, or used without monitoring, creating a substantial risk of severe harm or death.

Missing User Warnings

High
Confidence
98% confidence
Finding
This skill provides detailed high-risk clinical management instructions for shock, fluid resuscitation, vasoactive drugs, antiviral dosing, transfusion thresholds, and ICU-level care without any explicit warning that outputs must be used only under qualified clinician supervision and according to local protocols. In a medical agent context, omission of that safety boundary can lead users to act on generalized dosing and resuscitation guidance in situations where patient-specific factors, contraindications, and local standards are critical, creating a serious risk of patient harm or death.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill gives concrete diagnostic classification and treatment-direction guidance for HBV serology interpretation and cholestatic hepatitis vs. liver failure without stating that it is informational support and not a substitute for clinician judgment. In a medical context, omission of this warning can encourage overreliance on the skill's output, increasing risk of misdiagnosis, delayed escalation, or inappropriate treatment decisions for potentially serious liver disease.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This section gives treatment-oriented medical decision guidance such as when to start antiviral therapy, when not to treat, and how to interpret HBV DNA and ALT patterns, but it does not clearly warn that the content is reference-only and not a substitute for clinician judgment, current guidelines, or individualized evaluation. In a clinical skill focused on infectious disease management, users may over-trust the table and apply it directly, which could contribute to missed treatment, delayed escalation, or inappropriate management in complex patients.

VirusTotal

63/63 vendors flagged this skill as clean.
