Back to skill

Security audit

Heartrate

Security checks across malware telemetry and agentic risk

Overview

This skill is not malicious, but it overstates its heart-rate tracking abilities and may store sensitive health notes as plain local files.

Review before installing. Treat this as a simple local note logger, not a medical or heart-rate analytics tool. Avoid entering sensitive health details unless you are comfortable with plaintext files under `~/.local/share/heartrate/`, and do not rely on it for cardiovascular decisions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The skill presents itself as a focused heart-rate tracker, but the documented commands and outputs indicate a much broader generic logging/export utility. This mismatch can mislead users and downstream agents into handling arbitrary sensitive data under incorrect assumptions, increasing the chance of privacy exposure and unsafe automation decisions.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The documentation claims heart-rate-specific functionality, but the described interface supports free-form category logging and generic input handling. In a health context, that can cause users or agents to enter broader personal or medical information than expected, without informed consent about the real scope of collection and retention.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The command set expands into generic note-taking, history viewing, search, and export features that are not justified by the stated purpose of cardiovascular tracking. Hidden breadth of capability is dangerous because it undermines least privilege and makes it easier to accumulate, query, and exfiltrate sensitive personal data beyond the user's expectations.

Context-Inappropriate Capability

Low
Confidence
72% confidence
Finding
The script aggregates and exposes all stored records through search and export features that are broader than expected for the stated heart-rate purpose. In a health-data context, these capabilities increase the chance of unintended disclosure of sensitive personal information, especially because exports are written to predictable files in the data directory without access controls or user warnings.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill handles health-related data and supports local history plus export, but the documentation lacks a clear warning that this is sensitive personal information. Users may be encouraged by phrases like 'offline' and 'local' to underestimate privacy risks such as unencrypted local storage, shell history leakage, shared-machine access, or accidental export of medical data.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script stores user-provided health-related entries in plaintext under a persistent directory in the user's home folder without any explicit privacy notice, retention policy, or permission hardening. In the context of heart-rate and wellness data, silent local persistence can expose sensitive information to other local users, backups, sync tools, or anyone with access to the account.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The export function collects all logged records into a consolidated plaintext file in JSON, CSV, or TXT formats without an explicit sensitivity warning or safeguards. Because the skill handles health-related information, exporting into an easily copied file materially increases confidentiality risk and makes accidental sharing or downstream leakage more likely.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.