Mimic Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a documentation helper for generating MIMIC-IV SQL and Python query templates, with no hidden execution or data transfer found.

Install only if you are authorized to work with MIMIC-IV data. Treat generated queries and outputs as sensitive clinical research data, use read-only or least-privilege database accounts where practical, avoid hardcoding real passwords, and scope extracts to the minimum patients, columns, and time ranges needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 83% confidence
Finding: The Python example shows direct PostgreSQL access to MIMIC-IV clinical data but does not include any warning about PHI sensitivity, access controls, minimum necessary use, or safe handling of extracted results. In a skill explicitly designed to query ICU patient data, omission of privacy and data-governance guidance increases the chance that users will run broad extracts or mishandle regulated clinical data.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal