Security audit

Medical Ip Director

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only medical marketing skill with disclosed but privacy-sensitive photo and content-matrix workflows, and no executable or hidden behavior.

Install only if you are comfortable using it for medical-aesthetic marketing content. Do not put patient-identifying details, raw consultation notes, or facial photos into saved matrices, and make sure any photo collection uses explicit consent, secure intake, retention limits, deletion procedures, and human legal/medical review before publication.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Intent-Code Divergence

High (97% confidence)
The skill explicitly promises that user photos and identifiable health data will not be stored, while other sections require maintaining a cross-conversation content matrix and forced archival. In a medical context, this creates a direct policy-to-behavior contradiction that can mislead users into sharing sensitive images under false assumptions about deletion and retention.

Missing User Warnings

Medium (90% confidence)
The skill encourages users to transmit photos and consultation details for medical-style assessment, but it does not provide a meaningful warning about the risks of sending sensitive medical imagery over chat systems. In context, face photos and health-related details are highly sensitive personal data, so insufficient risk disclosure can lead to privacy harm, unintended retention, or secondary use.

Missing User Warnings

Medium (94% confidence)
The workflow directs automatic creation or updating of a Markdown knowledge base but does not clearly warn users that submitted content may be written to persistent files. This is especially risky because the skill also solicits medical and image-based inputs, creating a realistic chance that sensitive source material or derived details could be retained beyond the user's expectation.

Missing User Warnings

Medium (94% confidence)
The script explicitly asks users to send original front and side facial photos for individualized assessment, which involves highly identifiable biometric/health-adjacent personal data. There is no accompanying notice about consent, secure transmission, retention, access controls, or how the images will be used, creating a real privacy and data-protection risk if users comply.

Missing User Warnings

Medium (94% confidence)
The script explicitly instructs users to send front and side facial photos for assessment, which are sensitive biometric/personal data, but it provides no privacy notice, consent language, minimization guidance, or secure submission channel. In a medical/cosmetic context, this is more dangerous because the images may reveal identity and health-related information, increasing privacy and compliance risk.

Ssd 3

Medium (92% confidence)
Maintaining a persistent content matrix across conversations encourages retention of prior user-provided material and is inconsistent with the claimed temporary-use privacy model. In this medical marketing context, even derived notes can encode sensitive personal or health-related information, increasing privacy and compliance risk.

Ssd 3

Medium (95% confidence)
A forced archiving step semantically instructs the system to store processed source material into a knowledge base. Because the skill operates on doctor interviews, consultation context, and user-submitted assessment material, this creates a realistic path for sensitive or proprietary content to be persisted without sufficient consent or minimization.

Ssd 3

Medium (95% confidence)
The `/save_matrix` trigger explicitly forces saving to persistent storage, enabling retention of prior user-supplied content and derived material. In context, the skill handles potentially sensitive medical-adjacent inputs, so a direct save command without strong data classification and consent controls increases the chance of inappropriate retention.

VirusTotal

66/66 vendors flagged this skill as clean.