Back to skill

Security audit

Bmi

Security checks across malware telemetry and agentic risk

Overview

This appears to be a local BMI/fitness logger, but its advertised BMI, charting, and export behavior does not fully match what the script actually does.

Review this carefully before installing. It does not appear to exfiltrate data or use elevated privileges, but it saves health-related notes as plain files under ~/.local/share/bmi and some advertised features, especially BMI calculation and export, appear incomplete or broken. Avoid entering sensitive medical details unless you are comfortable managing and deleting those local logs yourself.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The implementation materially does not match the skill’s stated BMI/body-composition purpose and instead behaves as a generic multi-command logger. This kind of capability mismatch is dangerous because it can mislead users and reviewers about what data is collected and how it is processed, increasing the risk of inappropriate collection of health-related free-text data without expected safeguards or calculations.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The presence of reminder and broad activity logging functions expands the skill beyond BMI tracking without clear justification. In a health context, unnecessary feature expansion increases data collection surface and can capture sensitive lifestyle or medical-adjacent information that users would not expect this skill to retain.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The help text advertises `export <fmt>` data export, but the first `export)` case instead appends arbitrary input to `export.log`, while a later duplicate `export)` branch intended to call `_export` is unreachable. This deceptive or broken behavior can cause users to enter sensitive data expecting export functionality, resulting in unexpected persistent storage of health-related information.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script stores user-provided health-related entries in persistent local logs under `$HOME/.local/share/bmi` without any clear privacy notice, consent flow, retention policy, or access protections. Because the skill is framed as a health tool, users are likely to input sensitive weight, body composition, and goal data, making silent persistence more dangerous than in a non-sensitive context.

VirusTotal

53/53 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.