Wellness Coach AI

Security checks across malware telemetry and agentic risk

Overview

This wellness skill handles private health and calendar data and sets up scheduled Telegram delivery through broad agent instructions that need careful review.

Review before installing. Only use this if you are comfortable sharing wearable health metrics, calendar summaries, and session links with the configured services. Inspect the external GitHub repository before running it, replace the hard-coded Telegram recipient and agent with your own verified destination, avoid the generic HEARTBEAT forwarding rule, and enable any daily cron only after you understand how to disable it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Description-Behavior Mismatch

Severity: Medium
Confidence: 91%
Finding
The documentation broadens the skill from creating a wellness coaching session to orchestrating a scheduled Telegram delivery pipeline through an external OpenClaw agent. That expansion matters because it introduces cross-agent automation and message delivery behavior that can move sensitive wellness-derived content outside the original skill boundary without clear guardrails, approval checks, or scope limits.

Context-Inappropriate Capability

Severity: High
Confidence: 98%
Finding
The system event payload contains shell commands (`cd ~/wellness-coach && python3 ...`) intended for another agent to execute. This is dangerous because it turns event text into an execution channel, enabling command execution through a loosely controlled messaging mechanism; if an attacker can influence the event or reuse the pattern elsewhere, they may trigger unauthorized code execution or chained actions involving sensitive health and messaging workflows.

Context-Inappropriate Capability

Severity: Medium
Confidence: 96%
Finding
The HEARTBEAT entry instructs the agent to forward any system-event text with a matching prefix directly to Telegram, with no content validation, recipient verification, or policy checks. That creates a generic relay channel that could be abused to exfiltrate data, send spoofed messages, or bypass normal user-facing controls by hiding malicious or sensitive content inside a trusted event format.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding
The skill description uses broad, everyday-language triggers such as wanting a daily wellness briefing, starting a morning routine, or guided meditation. This can cause overbroad or accidental invocation of a skill that accesses sensitive health, calendar, and messaging data, increasing the chance of unintended disclosure or actions without sufficiently explicit user intent.

Missing User Warnings

Severity: High
Confidence: 96%
Finding
The skill processes highly sensitive data types including wearable health metrics, Google Calendar events, and Telegram delivery of a live session link, but the documentation does not present clear user-facing consent, privacy boundaries, retention practices, or sharing warnings. In this context, the omission is more dangerous because the skill combines multiple personal data sources and external services, so users may not understand what is collected, transmitted, or exposed to third parties.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding
The documentation describes an automatic Telegram delivery of a morning briefing without any explicit user warning or consent language about external transmission. In the context of a wellness skill that may process wearable health data and calendar context, silent outbound messaging increases privacy risk because sensitive personal information may be sent off-platform unexpectedly.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The forwarding instructions tell the agent to send event content to Telegram 'as-is' and without extra commentary, which removes opportunities to warn about external delivery or inspect for sensitive data. In this skill’s context, that is especially risky because the generated briefing may include private wellness or schedule information, making unannounced transmission a meaningful privacy and data-handling issue.

Missing User Warnings

Severity: Medium
Confidence: 80%
Finding
The document instructs users to store a personal health API token in .env and discusses transmitting wearable health data, but it provides no warning about the sensitivity of the credential or the privacy implications of accessing and processing health information. In the context of a wellness coaching skill that aggregates health and calendar data and shares outputs via external services, this omission increases the risk of insecure secret handling and accidental exposure of sensitive health data.

VirusTotal

66/66 vendors flagged this skill as clean.
