abe-diet-tracker

Security checks across malware telemetry and agentic risk

Overview

This diet tracker is mostly coherent, but it also syncs meal logs to an Obsidian vault and pushes them to GitHub without clear user consent.

Review before installing. Use it only if you are comfortable with body/profile data being read locally, meal queries going to SkillBoss when the local database misses, and diet logs being stored. Disable or remove the Obsidian/GitHub sync unless you explicitly want meal logs and possibly other vault changes committed and pushed with your local Git credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 90%
Finding: The skill declares no permissions despite requiring environment access, file read/write, network access, and shell execution. This hides the true trust boundary from the user and platform, making sensitive actions like reading profile data, persisting logs, and invoking external commands harder to review and control.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 98%
Finding: The described behavior omits materially sensitive actions: reading personal health/profile data, writing persistent records, copying data into another vault, calling an external API, and pushing logs to a remote GitHub repository. This is dangerous because users may disclose health data under the assumption of local diet tracking while the implementation can exfiltrate or broadly persist that data without informed consent.

Context-Inappropriate Capability

Severity: Medium
Confidence: 90%
Finding: The skill reads detailed personal profile data from a global /root/clawd/USER.md file, including height, weight, age, sex, activity level, and macronutrient targets. This exceeds what is necessary for simple food lookup and creates unnecessary access to sensitive health-related data without clear minimization or consent boundaries.

Context-Inappropriate Capability

Severity: Medium
Confidence: 88%
Finding: The skill sends requests to an external AI API to obtain nutrition data, but that network behavior is not evident from the manifest description. Undisclosed external transmission increases privacy and trust risk because user-supplied meal data may leave the local environment unexpectedly.

Description-Behavior Mismatch

Severity: High
Confidence: 99%
Finding: The skill’s stated purpose is meal tracking and reminders, but this code additionally synchronizes diet logs into an Obsidian vault and pushes them to GitHub. That creates an undisclosed data propagation channel for sensitive health-related information, making the skill more dangerous because the context implies local personal tracking, not remote publication.

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding: The script performs git add/commit/push/pull operations to publish diet logs remotely, which is outside the justified scope of a diet-tracking helper. In this skill context, that materially increases risk because meal logs can reveal sensitive health, lifestyle, and routine information and are being sent off-device without any visible consent or access controls.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: This skill processes health-related profile data and stores ongoing diet logs, but the user-facing description does not clearly warn about that collection and persistence. Because diet, weight, age, sex, and activity data are sensitive personal information, undisclosed storage and processing increase privacy, consent, and downstream exposure risks.

External Transmission

Severity: Medium
Category: Data Exfiltration
Content:
API_BASE = "https://api.heybossai.com/v1"

def pilot(body: dict) -> dict:
    r = requests.post(
        f"{API_BASE}/pilot",
        headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"},
        json=body,
Confidence: 87%
Finding: requests.post( f"{API_BASE}/pilot", headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"}, json=

VirusTotal

65/65 vendors flagged this skill as clean.
