Security audit

wger Fitness Manager

Security checks across malware telemetry and agentic risk

Overview

This wger fitness skill is coherent, but it gives an agent broad read/write and automation paths over sensitive fitness and nutrition records without clear confirmation boundaries.

Install only if you want an agent to access your wger account. Keep WGER_TOKEN private, require explicit confirmation before any create/update/sync action, and change the Docker password and image pinning before using the self-host example beyond a local test.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium (88% confidence)
Finding:
The skill advertises very broad triggers for generic fitness/gym queries while also supporting API reads, writes, and automation. That combination can cause the agent to invoke this skill in ambiguous contexts and perform actions against a user's fitness account without sufficiently clear scoping or intent validation.

Missing User Warnings

Medium (92% confidence)
Finding:
The description explicitly includes editing, creating, and automated pulls/pushes of personal fitness data, but it does not warn that these operations modify sensitive health-related records. In an agent setting, this increases the risk of silent or accidental changes to a user's workout, nutrition, or progress data.

Missing User Warnings

Medium (94% confidence)
Finding:
The examples include authenticated POST and PATCH requests that transmit and modify workout and nutrition data, yet they provide no confirmation, privacy notice, or safeguards against accidental execution. Because the content concerns health and behavioral data, unauthorized or mistaken writes have meaningful privacy and integrity consequences.

Missing User Warnings

Medium (93% confidence)
Finding:
The instructions publish a web service on localhost:8000 and direct the user to an unauthenticated API endpoint without warning about authentication requirements, credential changes, or network exposure risks. While binding to localhost is less dangerous than exposing all interfaces, users may still port-forward, rebind, or run this on shared/dev hosts, and the hardcoded weak database password further normalizes insecure deployment practices.

VirusTotal

67/67 vendors flagged this skill as clean.