Back to skill

Security audit

GutCheck Digestive Health Tracker

Security checks across malware telemetry and agentic risk

Overview

GutCheck is a disclosed digestive-health app skill, but users should review the external app repository, dependency installs, and health-data/privacy claims before running it.

Install only if you are comfortable cloning and running a Node app from the referenced GitHub repository. Review the repository and dependency tree first, use a local or test database, set a strong JWT secret, avoid entering sensitive health details until you understand the app's privacy behavior, and do not run the publishing script or ClawHub login/publish commands unless you intentionally want to publish the skill from your own account.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (13)

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The skill declares itself as a digestive health app, but the documented behavior and associated packaging workflow indicate repository cloning, shell execution, filesystem manipulation, and package publishing activity that are unrelated to the stated end-user purpose. This mismatch is dangerous because users or agents may grant trust and execution privileges based on the health-app description while actually running developer-oriented automation that can modify the local system and fetch unreviewed external code.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The installation flow clones an external GitHub repository and runs npm install in multiple directories, which executes arbitrary third-party package lifecycle scripts and introduces unpinned supply-chain risk. Without prominent warnings or integrity controls, a user may execute this on their local machine assuming it is a simple health-tracking skill, exposing the host to malicious dependency or repository compromise.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The plan includes educational content on elimination diets, supplements, medication side effects, gender-specific digestive issues, age-related digestive guidance, and when to seek help, but it does not include safety disclaimers, escalation guidance, or instructions to consult qualified clinicians for individualized care. In a digestive health app, users may treat this content as personalized medical guidance and self-manage symptoms, delaying appropriate diagnosis or making unsafe dietary or medication-related decisions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This press release promotes AI-driven digestive-health insights, symptom reduction claims, and guidance for people with ongoing digestive issues without clearly stating that the app is not medical advice and should not replace diagnosis or treatment by a qualified clinician. In a health context, users may over-rely on the app, delay professional evaluation, or self-manage potentially serious conditions based on marketing language that presents the tool as scientifically grounded and effective.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The plan explicitly encourages collecting and promoting user stories, testimonials, and before/after transformations in a digestive health app context, which involves sensitive health information. Without requirements for explicit informed consent, de-identification, HIPAA/privacy review where applicable, and limits on sharing medical details, this creates a real risk of privacy violations, oversharing of protected or highly sensitive personal data, and reputational or regulatory harm.

Unpinned Dependencies

Low
Category
Supply Chain
Content
"author": "AetherChain Team",
  "license": "MIT",
  "dependencies": {
    "express": "^4.18.0",
    "mongoose": "^7.0.0",
    "bcrypt": "^5.1.0",
    "jsonwebtoken": "^9.0.0",
Confidence
96% confidence
Finding
"express": "^4.18.0"

Unpinned Dependencies

Low
Category
Supply Chain
Content
"license": "MIT",
  "dependencies": {
    "express": "^4.18.0",
    "mongoose": "^7.0.0",
    "bcrypt": "^5.1.0",
    "jsonwebtoken": "^9.0.0",
    "cors": "^2.8.5",
Confidence
97% confidence
Finding
"mongoose": "^7.0.0"

Unpinned Dependencies

Low
Category
Supply Chain
Content
"dependencies": {
    "express": "^4.18.0",
    "mongoose": "^7.0.0",
    "bcrypt": "^5.1.0",
    "jsonwebtoken": "^9.0.0",
    "cors": "^2.8.5",
    "dotenv": "^16.0.3"
Confidence
94% confidence
Finding
"bcrypt": "^5.1.0"

Unpinned Dependencies

Low
Category
Supply Chain
Content
"express": "^4.18.0",
    "mongoose": "^7.0.0",
    "bcrypt": "^5.1.0",
    "jsonwebtoken": "^9.0.0",
    "cors": "^2.8.5",
    "dotenv": "^16.0.3"
  }
Confidence
95% confidence
Finding
"jsonwebtoken": "^9.0.0"

Unpinned Dependencies

Low
Category
Supply Chain
Content
"mongoose": "^7.0.0",
    "bcrypt": "^5.1.0",
    "jsonwebtoken": "^9.0.0",
    "cors": "^2.8.5",
    "dotenv": "^16.0.3"
  }
}
Confidence
93% confidence
Finding
"cors": "^2.8.5"

Unpinned Dependencies

Low
Category
Supply Chain
Content
"bcrypt": "^5.1.0",
    "jsonwebtoken": "^9.0.0",
    "cors": "^2.8.5",
    "dotenv": "^16.0.3"
  }
}
Confidence
92% confidence
Finding
"dotenv": "^16.0.3"

Known Vulnerable Dependency: express==4.18.0 — 2 advisory(ies): CVE-2024-43796 (express vulnerable to XSS via response.redirect()); CVE-2024-29041 (Express.js Open Redirect in malformed URLs)

Low
Category
Supply Chain
Confidence
95% confidence
Finding
express==4.18.0

Known Vulnerable Dependency: mongoose==7.0.0 — 4 advisory(ies): CVE-2023-3696 (Mongoose Prototype Pollution vulnerability); CVE-2024-53900 (Mongoose search injection vulnerability); CVE-2025-23061 (Mongoose search injection vulnerability) +1 more

Critical
Category
Supply Chain
Confidence
99% confidence
Finding
mongoose==7.0.0

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
publish_gutcheck.js:28