ClawHub

健康饮食提醒

Security checks across malware telemetry and agentic risk

Overview

This is a transparent meal, hydration, and wellness reminder skill with recurring cron examples, but users should review reminder timing and privacy expectations before using it.

Install this if you want recurring diet, water, exercise, and weekly check-in reminders. Before enabling cron commands, confirm the active timezone, review every scheduled reminder, and avoid sharing sensitive medical details unless you are comfortable with them being stored in your agent conversation or memory history.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Natural-Language Policy Violations

Medium
Confidence
84% confidence
Finding
The skill hardcodes Chinese locale assumptions and the Asia/Shanghai timezone in scheduled behavior without explicit user opt-in or configuration. This can cause reminders to fire at incorrect local times, mis-handle user expectations, and potentially disclose sensitive health-related notifications at inappropriate times for users outside that locale.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill describes automatic recurring reminders and follow-up actions, including post-meal prompts, without a clear upfront warning that persistent scheduled actions will continue running. In an agent environment, silent persistence can surprise users, generate unwanted notifications, and expose health-related habits to others who can see the device or messages.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill offers intake logging, water tracking, calorie estimation, and weekly summaries without a clear privacy notice about what health-related data is collected, retained, or surfaced. Even if the data is not highly regulated in this context, diet and health behavior data is sensitive and can create privacy harm if stored, shared, or displayed unexpectedly.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal