ClawHub

Ai Yoga

Security checks across malware telemetry and agentic risk

Overview

This is a simple yoga guidance skill with no code or system access, but its injury, pregnancy, and therapy advice should be treated as general wellness information only.

Install only for general yoga education and practice ideas. Do not rely on it to diagnose or treat pain, pregnancy-related concerns, injuries, nerve symptoms, scoliosis, or other medical issues; consult a clinician or qualified yoga instructor and stop if pain, dizziness, numbness, weakness, or unusual symptoms occur.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill explicitly advertises yoga therapy, pregnancy yoga, and condition-specific guidance for back pain, neck issues, and scoliosis, but provides no prominent disclaimer that it is not medical advice and may be unsafe for some users. In this context, users may rely on the assistant for injury management or rehabilitation and perform contraindicated movements, increasing the risk of aggravating existing conditions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The usage examples encourage corrective and therapeutic requests such as fixing form and addressing low back pain, yet the skill does not pair those prompts with any warning about limits, red-flag symptoms, or when to seek professional care. Because the content invites self-directed physical intervention, users may interpret the output as safe personalized rehab guidance when it is not clinically validated.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal