AI Nutritionist (AI营养师)

Security checks across malware telemetry and agentic risk

Overview

This nutrition skill appears purpose-built and not malicious, but it stores health-related profile data and requests broad agent tools without enough user controls.

Install only if you are comfortable storing nutrition and health-adjacent profile details locally. Use it on a trusted device, review or delete user_data/profile.json when no longer needed, and prefer a future version with explicit save consent, a delete/reset flow, narrower tool permissions, and clear limits on web research sources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
Granting Bash execution to a nutrition-advice skill is broader than necessary for the documented workflow and creates avoidable local-execution risk. If abused, shell access could read or alter local files, chain with stored user profile data, or invoke network/system utilities outside the intended nutrition-reporting scope.

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
Granting Bash execution to a nutrition-advice skill is broader than necessary for the documented workflow and creates avoidable local-execution risk. If abused, shell access could read or alter local files, chain with stored user profile data, or invoke network/system utilities outside the intended nutrition-reporting scope.

Vague Triggers

Medium
Confidence: 86%
Finding
The trigger list includes very broad everyday phrases such as '怎么吃' and '吃什么', which can cause accidental invocation in unrelated conversations. Over-broad activation is dangerous because it increases the chance the skill collects health-related profile data, writes files, or uses elevated tools when the user did not intend to engage this skill.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill stores sensitive user profile information, including age, sex, height, weight, diet, allergies, and activity level, in a local JSON file without a clear privacy notice, retention policy, or consent flow. Because this is health-adjacent personal data, undisclosed storage materially increases confidentiality and compliance risk if other tools, skills, or local users can access the file.

Missing User Warnings

Medium
Confidence: 95%
Finding
The code persists a detailed user nutrition profile to disk in profile.json without any consent flow, retention policy, or visibility to the user. Because this profile can contain sensitive health-related data such as age, weight, allergies, diet preferences, and health conditions, unauthorized local access or accidental reuse across sessions could expose private personal and medical information.

VirusTotal

64/64 vendors flagged this skill as clean.
