Eicu Skill

Security checks across malware telemetry and agentic risk

Overview

The skill is documentation-only, but it still warrants review: it ships ready-to-run clinical data extraction examples and schema-modifying SQL without adequate privacy and safety guidance.

Install only if you are authorized to work with eICU data and will review generated SQL before running it. Use least-privilege, preferably read-only, database accounts for extraction; run the DROP/CREATE examples only in a sandbox or a clearly namespaced schema; do not export raw patient-level rows unless required; and handle credentials and outputs under your institution's data-use agreement.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%
Finding
The document tells users the skill only provides query code, but later includes SQL that drops and creates tables/materialized views. In a database context, this mismatch is dangerous because users may trust the skill as read-only and execute state-changing commands against production or shared research systems, causing data loss or operational disruption.

Intent-Code Divergence

Severity: Medium
Confidence: 91%
Finding
The phrase 'This skill only provides query code' understates the capability of the included examples, which perform schema/object modification. That inconsistency can mislead operators, bypass expected review for write operations, and increase the chance that unsafe SQL is run under elevated database permissions.

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding
The examples include workflow SQL that materializes results and drops existing objects, extending beyond simple extraction into database modification. In practice, these commands can overwrite prior work, consume storage, lock resources, or disrupt multi-user environments if executed as-is on institutional databases.
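The review gate and read-only connection recommended in the overview, as an added example that is not part of the skill or of SkillSpector's output. eICU is normally loaded into PostgreSQL; this uses an in-memory sqlite3 database with constructed rows as a stand-in so it runs offline, and the table shape, the pre-screen keyword list and the helper names are assumptions. It shows the point behind the three findings above: a lexical pre-screen catches the skill's DROP/CREATE examples, but can be sidestepped (here by a CTE-prefixed DELETE), so the connection-level restriction (PRAGMA query_only here; a SELECT-only role in PostgreSQL) is the control that actually holds.

```python
import re
import sqlite3

# Constructed stand-in for the eICU `patient` table (made-up stay ids and
# outcomes); real eICU data stays in its governed PostgreSQL instance.
SAMPLE_PATIENTS = [
    (1001, "Alive"),
    (1002, "Expired"),
    (1003, "Alive"),
]

# Verbs that change database state. Leading -- and /* */ comments are skipped
# so a commented header cannot hide the first keyword. Assumed list.
_WRITE_VERB = re.compile(
    r"^(?:\s*(?:--[^\n]*\n|/\*.*?\*/))*\s*"
    r"(DROP|CREATE|ALTER|TRUNCATE|INSERT|UPDATE|DELETE|REPLACE)\b",
    re.IGNORECASE | re.DOTALL,
)


def classify_statement(sql):
    """Lexical pre-screen: 'write' when the statement opens with a DDL/DML verb.

    This is a review aid for catching the skill's DROP/CREATE examples before
    they run; it is not a security boundary (see the CTE case in demo()).
    """
    return "write" if _WRITE_VERB.match(sql) else "read"


def open_session(rows, sandbox=False):
    """Load `rows` into an in-memory database and, unless sandbox=True, put the
    connection in query-only mode so writes fail inside the engine. The
    PostgreSQL equivalent is connecting with a role that has only SELECT."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE patient (patientunitstayid INTEGER, hospitaldischargestatus TEXT)"
    )
    conn.executemany("INSERT INTO patient VALUES (?, ?)", rows)
    conn.commit()
    if not sandbox:
        conn.execute("PRAGMA query_only = 1")
    return conn


def execute_reviewed(conn, sql, sandbox=False):
    """Refuse statements the pre-screen flags as writes unless the caller has
    opted into a sandbox, then run the statement under the connection's own
    restrictions. Returns (outcome, rows_or_error)."""
    if classify_statement(sql) == "write" and not sandbox:
        return ("refused_by_prescreen", [])
    try:
        return ("ok", conn.execute(sql).fetchall())
    except sqlite3.OperationalError as exc:
        return ("refused_by_engine", [str(exc)])


def demo():
    """Run the four cases a reviewer should expect and return their outcomes."""
    results = {}
    ro = open_session(SAMPLE_PATIENTS)
    results["select"] = execute_reviewed(ro, "SELECT COUNT(*) FROM patient")
    results["drop"] = execute_reviewed(ro, "-- cleanup\nDROP TABLE patient")
    # A write hidden behind a CTE passes the lexical screen; only the
    # engine-level restriction stops it.
    results["cte_delete"] = execute_reviewed(
        ro, "WITH doomed AS (SELECT 1) DELETE FROM patient"
    )
    sandbox = open_session(SAMPLE_PATIENTS, sandbox=True)
    results["sandbox_drop"] = execute_reviewed(sandbox, "DROP TABLE patient", sandbox=True)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:13s} -> {outcome}")
```

The pre-screen is worth keeping because it gives a reviewer a readable reason before anything touches the database, but the assertion that matters is the engine refusing the CTE-wrapped DELETE: that is what a read-only account buys you when an example you trusted as "query code" turns out to mutate state.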

Intent-Code Divergence

Severity: Medium
Confidence: 96%
Finding
The example calls calculate_mortality_rate with status_col='hosp_mortality_numeric', but the function checks for rows equal to the string 'Expired'. This mismatch silently produces an incorrect mortality calculation, which can mislead downstream clinical research or reporting. In a data-analysis skill for ICU outcomes, integrity errors in outcome metrics are security-relevant because they can corrupt decisions and published results.
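The encoding mismatch in this finding, reconstructed as an added example (not the skill's own function, whose body is not on this page): a `calculate_mortality_rate` that tests equality with the string 'Expired' returns 0% on a 0/1 column, while a hardened version requires a registered encoding for `status_col` and fails on any value outside it. The rows are constructed; `hospitaldischargestatus` is the eICU `patient` column the 'Alive'/'Expired' strings come from, and `hosp_mortality_numeric` is the column name taken from the finding.

```python
# Constructed stays: the eICU `patient` table records hospitaldischargestatus
# as 'Alive'/'Expired'; hosp_mortality_numeric is the 0/1 flag named in the
# finding, derived from it. Not real eICU data.
SAMPLE_ROWS = [
    {"patientunitstayid": 1, "hospitaldischargestatus": "Expired", "hosp_mortality_numeric": 1},
    {"patientunitstayid": 2, "hospitaldischargestatus": "Alive", "hosp_mortality_numeric": 0},
    {"patientunitstayid": 3, "hospitaldischargestatus": "Alive", "hosp_mortality_numeric": 0},
    {"patientunitstayid": 4, "hospitaldischargestatus": "Expired", "hosp_mortality_numeric": 1},
]


def calculate_mortality_rate_as_found(rows, status_col):
    """The pattern the finding describes (reconstructed, not the skill's code):
    whatever column is passed, a death is detected by equality with 'Expired'."""
    deaths = sum(1 for r in rows if r[status_col] == "Expired")
    return 100.0 * deaths / len(rows)


# Outcome encodings the calculation is allowed to consume. Anything else is a
# mismatch and must fail instead of silently counting zero deaths.
OUTCOME_ENCODINGS = {
    "hospitaldischargestatus": {"Expired": 1, "Alive": 0},
    "hosp_mortality_numeric": {1: 1, 0: 0},
}


def calculate_mortality_rate(rows, status_col):
    """Hardened version: the column must have a registered encoding, every
    value must be in it (a missing value is an explicit error rather than a
    silent survivor), and an empty cohort is an error, not a division by zero."""
    if not rows:
        raise ValueError("empty cohort")
    try:
        encoding = OUTCOME_ENCODINGS[status_col]
    except KeyError:
        raise ValueError(f"no outcome encoding registered for {status_col!r}") from None
    deaths = 0
    for row in rows:
        value = row.get(status_col)
        if value is None or value not in encoding:
            raise ValueError(f"{status_col}={value!r} is not a known outcome value")
        deaths += encoding[value]
    return 100.0 * deaths / len(rows)


if __name__ == "__main__":
    # Same cohort, same true mortality, two different answers from the version as found.
    print(calculate_mortality_rate_as_found(SAMPLE_ROWS, "hospitaldischargestatus"))  # 50.0
    print(calculate_mortality_rate_as_found(SAMPLE_ROWS, "hosp_mortality_numeric"))   # 0.0
    print(calculate_mortality_rate(SAMPLE_ROWS, "hosp_mortality_numeric"))            # 50.0
```

The difference between the two versions is not the arithmetic but the failure mode: the version as found turns a column mix-up into a plausible-looking 0% that can reach a report unnoticed, whereas the hardened one stops at the first value it does not recognise.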

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding
The skill is specifically designed to query ICU patient data, yet it provides no explicit warning about PHI-sensitive workflows, access controls, minimum-necessary use, or downstream handling of exported results. In a healthcare context, omission of privacy and governance guidance increases the risk of unauthorized disclosure, insecure exports, or misuse of regulated clinical data.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
This file contains detailed patient-level SQL templates for extracting ICU data, including mortality, diagnoses, microbiology, medications, and nursing records, but it provides no privacy, authorization, or data-handling warning. In a healthcare-data skill, omission of safeguards can normalize unrestricted querying of sensitive PHI and increase the risk of inappropriate access, over-collection, or downstream disclosure by users who treat the examples as operational guidance.

Missing User Warnings

Severity: Medium
Confidence: 85%
Finding
The file includes runnable database connection code against a clinical dataset and omits any warning about secret handling, least-privilege access, or protected health data practices. In this skill context, users are likely to copy-paste examples directly, which can encourage hardcoded credentials, unsafe local storage of secrets, and casual querying/export of sensitive patient data.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The file includes concrete SQL and Python examples for connecting to a clinical database and extracting patient-level medication records, but it does not include explicit privacy, authorization, minimum-necessary-use, or de-identification guidance. In a healthcare data context, this omission increases the risk that users will run broad extraction workflows on sensitive patient data without appropriate safeguards, potentially leading to improper access, over-collection, or downstream disclosure.
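One concrete form the minimum-necessary and de-identification guidance missing from the four findings above could take, as an added example that is not part of the skill or of the scanner's output: collapse patient-level rows to per-group counts before anything leaves the database environment, suppress small cells, and check that no eICU identifier column survives. The rows are constructed (`unittype`, `hospitaldischargestatus` and the identifier columns are eICU `patient` columns; the stay ids and counts are made up), and the threshold of 5 is an assumed value, since the real one comes from the data-use agreement.

```python
from collections import Counter

# Assumed small-cell threshold; the real value comes from the data-use agreement.
MIN_CELL = 5


def _make_rows(spec):
    """Build constructed patient-level rows from (unit type, stays, deaths) tuples.
    Not real eICU data; the column names follow the eICU `patient` table."""
    rows, stay_id = [], 1000
    for unittype, stays, deaths in spec:
        for i in range(stays):
            rows.append({
                "patientunitstayid": stay_id,
                "unittype": unittype,
                "hospitaldischargestatus": "Expired" if i < deaths else "Alive",
            })
            stay_id += 1
    return rows


PATIENT_LEVEL = _make_rows([
    ("Med-Surg ICU", 12, 6),   # both cells >= MIN_CELL: publishable
    ("CCU-CTICU", 7, 1),       # 1 death: outcome suppressed, group size kept
    ("Neuro ICU", 3, 1),       # too few stays: everything suppressed
])


def aggregate_for_export(rows, group_col, outcome_col, positive_value, min_cell=MIN_CELL):
    """Collapse patient-level rows to one record per group, dropping stay ids
    and every other column. A group with fewer than min_cell stays is
    suppressed entirely (None); when either the event count or its complement
    is below min_cell the outcome is suppressed but the group size is kept,
    so a small cell cannot be recovered by subtraction. Returns records sorted
    by group."""
    stays = Counter(r[group_col] for r in rows)
    events = Counter(r[group_col] for r in rows if r[outcome_col] == positive_value)
    out = []
    for group in sorted(stays):
        n, e = stays[group], events.get(group, 0)
        if n < min_cell:
            out.append({group_col: group, "stays": None, "events": None})
        elif min(e, n - e) < min_cell:
            out.append({group_col: group, "stays": n, "events": None})
        else:
            out.append({group_col: group, "stays": n, "events": e})
    return out


# eICU identifier columns that must never appear in an export.
IDENTIFIER_COLS = ("patientunitstayid", "patienthealthsystemstayid", "uniquepid")


def identifier_free(records, identifier_cols=IDENTIFIER_COLS):
    """Final check before writing an export: no identifier column in any record."""
    return not any(col in rec for rec in records for col in identifier_cols)


if __name__ == "__main__":
    export = aggregate_for_export(PATIENT_LEVEL, "unittype", "hospitaldischargestatus", "Expired")
    assert identifier_free(export)
    for rec in export:
        print(rec)
```

Suppressing on `min(e, n - e)` rather than on `e` alone is the part practitioners most often get wrong: publishing 7 stays and 6 survivors discloses the single death just as surely as publishing the death count itself.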

VirusTotal

VirusTotal findings are pending for this skill version.
