ClawHub

Food Channel

Security checks across malware telemetry and agentic risk

Overview

This food-tracking skill is transparent about logging meals, barcode lookups, and photo estimates, with privacy considerations users should understand.

Install only if you are comfortable storing a persistent food-intake CSV in the workspace and sending barcode queries to Open Food Facts. Avoid photo estimates for private images unless remote vision processing is acceptable, and set FOOD_LOG and FOOD_PROFILE_PATH only to locations you control.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Tainted flow: 'LOG_FILE' from os.environ.get (line 11, credential/environment) → open (file write)

Medium
Category
Data Flow
Content
"sodium_mg": sodium_mg,
        "extra_nutrients": json.dumps(extra_nutrients) if extra_nutrients else "",
    }
    with open(LOG_FILE, "a", newline="") as f:
        writer = csv.DictWriter(f, fieldnames=FIELDNAMES)
        writer.writerow(row)
    return row
Confidence
90% confidence
Finding
with open(LOG_FILE, "a", newline="") as f:

Tainted flow: 'LOG_FILE' from os.environ.get (line 11, credential/environment) → open (file write)

Medium
Category
Data Flow
Content
def _init_csv():
    os.makedirs(os.path.dirname(LOG_FILE), exist_ok=True)
    if not os.path.exists(LOG_FILE):
        with open(LOG_FILE, "w", newline="") as f:
            writer = csv.DictWriter(f, fieldnames=FIELDNAMES)
            writer.writeheader()
Confidence
90% confidence
Finding
with open(LOG_FILE, "w", newline="") as f:

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill declares access to environment variables, persistent file reads/writes, and network/API usage, but does not declare corresponding permissions. That creates a transparency and policy-enforcement gap: operators may approve or run the skill without understanding it can access local data, persist user inputs, and send data externally, including food photos and profile information. In this context, the undeclared network and file capabilities are especially relevant because the skill explicitly logs user data and may transmit images to a remote vision service.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README explicitly states that food intake data is persisted to a CSV file, but it does not clearly warn users that this may contain sensitive personal dietary and health-adjacent information. In a food-tracking context, persistent storage can expose eating habits, inferred medical conditions, and other private lifestyle data if the workspace is shared, synced, or insufficiently protected.

Missing User Warnings

Medium
Confidence
78% confidence
Finding
This skill persists food intake records, including timestamps and item details, to disk automatically but provides no user-facing disclosure or consent mechanism. Because dietary history is sensitive personal data, silent retention increases privacy risk and may violate user expectations or policy requirements.

Missing User Warnings

Medium
Confidence
80% confidence
Finding
The barcode lookup sends user-provided identifiers to Open Food Facts over the network without explicit disclosure. Even if barcodes are less sensitive than free text, this still leaks user activity and product consumption context to a third party, which is more concerning in a food-tracking skill handling personal intake data.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal