HealthFit-cn

Security checks across malware telemetry and agentic risk

Overview

HealthFit is a coherent local health-management skill, but it handles very sensitive health and sexual-health data under broad activation rules, and its privacy/storage guarantees are stronger than the artifacts enforce.

Install only if you are comfortable storing sensitive health data locally in plaintext and giving the skill file access for tracking, backup, and export. Treat the sexual-health module as optional, avoid entering intimate or medical details unless you explicitly want them persisted, review backups before syncing or sharing them, and do not rely on this skill for diagnosis or treatment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (57)

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The document tells users that sexual-health data is stored only on their local computer, yet elsewhere defines persistent storage keys such as `private_sexual_health`. This creates a material transparency and consent failure for highly sensitive data: users may disclose intimate information under false assumptions about where it is retained and who can access it.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The file explicitly says Analyst Ray must not provide training plans, but later instructs the agent to arrange return-to-training plans and coordinate training actions. In a health domain, this role-confusion can bypass intended safety boundaries and cause the wrong sub-agent to deliver exercise guidance without the proper gating or specialist review.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The document says that certain symptoms require immediately stopping analysis and directing the user to seek medical care, but later rules still instruct the agent to give management advice such as forced rest, deloading, or recovery guidance. This inconsistency is dangerous because a medical escalation path can be diluted by non-clinical advice, delaying care for potentially serious conditions.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
Although the role is framed as a data analyst with limited scope, the content includes nutrition, traditional medicine, and training suggestions through direct examples and triage flows. In a health-management skill, this scope expansion can lead users to rely on advice from an agent that is not supposed to provide it, increasing the chance of unsafe or medically inappropriate recommendations.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The file includes a dedicated 'male sexual function enhancement' program, which expands the skill from general fitness and health tracking into sensitive sexual-health intervention content. In this skill context, that increases risk because the document gives prescriptive guidance on intimate health outcomes without clear scope limits, triage, or referral boundaries for medical conditions such as erectile dysfunction, cardiovascular disease, pelvic pain, or endocrine disorders.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The document gives targeted interventions for testosterone and sexual performance, including causal-sounding claims about training effects, but does not define medical limitations or prohibit diagnostic/therapeutic use. In a health-management skill, users may reasonably treat this as quasi-medical guidance and delay appropriate care for hormonal, vascular, or psychological causes of dysfunction.

Intent-Code Divergence

Medium
Confidence
80% confidence
Finding
The file tells users that sensitive health data is stored only locally, while elsewhere it also describes view/export capabilities for sexual-health data. That creates an inconsistent privacy representation: users may consent under a narrower understanding of data exposure than the skill actually permits. In a health-management skill handling highly sensitive data, misleading storage and access claims materially increase privacy risk.

Description-Behavior Mismatch

Low
Confidence
72% confidence
Finding
The document says the sexual-health module is optional, but later includes sexual health as a normal fitness goal without clearly gating it behind prior opt-in. This can lead the system to solicit or infer sensitive sexual-health information from users who believed they had declined that module. The main risk is consent boundary confusion rather than a direct exploit path.

Intent-Code Divergence

Low
Confidence
92% confidence
Finding
The document makes a concrete privacy/security guarantee that uploaded files are processed only locally and never sent to external servers, but the visible skill materials do not establish or enforce that boundary. In a health-management skill handling medical and fitness records, this can mislead users into sharing sensitive documents under false assumptions, creating privacy, consent, and compliance risk if the runtime or surrounding platform transmits data elsewhere.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The file promises special protections for sexual-health data, including exclusion from backup/export and secondary confirmation before viewing or export, but no implementation evidence is present in the provided materials. Because this module covers highly sensitive intimate data, undocumented or unenforced assurances can cause users to disclose information believing it has stronger protections than it actually does.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The module expands into collection of highly sensitive sexual-health data that is not clearly signaled by the broader skill manifest, creating a scope-transparency problem for users. Because this data concerns intimate health and sexuality, under-disclosure of collection scope can undermine meaningful consent and lead users to share special-category data they did not reasonably expect this skill to request.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The file tells users that only they can access the data, while the documented purpose is for AI advisors to use that same data to generate recommendations. This is a materially misleading privacy claim: even if storage is local, the system itself is processing the data, so users may consent under false assumptions about who or what can access sensitive sexual-health information.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
This repeated privacy notice reinforces a false sense of exclusivity over access to the file, despite the module’s stated downstream use by AI advisors for training and nutrition adjustments. Repetition of an inaccurate privacy assurance increases the likelihood of uninformed disclosure of intimate data and weakens valid consent.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The schema explicitly defines collection and storage of highly sensitive sexual-health data, including erectile-function and related notes. In a health-management skill this data may be contextually adjacent, but it materially increases privacy risk, regulatory exposure, and harm from accidental disclosure, especially because the same document later states the current version stores it in plaintext.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The document says the current state is plaintext storage and also claims that plaintext plus file isolation/backup exclusion is 'sufficiently safe.' This is dangerous because anyone with filesystem access can read the sensitive data directly, as can malware, an accidental sync, or a misconfigured backup, and the wording may discourage implementing real protections.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The script excludes only one named JSON file, but it unconditionally copies all TXT logs and all SQLite databases. In a health-management skill, those files are very likely to contain highly sensitive medical and sexual-health data, so the documented privacy guarantee is incomplete and can mislead operators into creating backups that include data they thought was excluded.

Intent-Code Divergence

Medium
Confidence
84% confidence
Finding
The code copies the entire daily/ directory based only on a comment asserting that no private files exist there. If that assumption becomes false due to future changes, user-generated filenames, or misplaced exports, sensitive data will be silently included in backups without the private-data confirmation flow.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The Claude Code activation guidance uses broad health-related triggers without clear boundaries, which can cause the skill to activate on ordinary conversation that only loosely mentions health, food, or exercise. In a skill that may read/write user health data and route to specialized sub-agents, overbroad activation increases the chance of unnecessary data collection, incorrect routing, and prompt-scope takeover from general conversations.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The Cursor rule says to load the skill when the user mentions broad topics like fitness, nutrition, exercise logging, or health management, but it does not define exclusion criteria or require user intent to use the skill. This can lead to accidental activation in unrelated or mixed-context chats, expanding the skill's authority and potentially exposing local files or health data paths unnecessarily.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The Windsurf/Trae configuration activates on generic topics such as health, fitness, nutrition, or TCM, which are common in normal conversation and not specific enough to justify loading a data-handling skill. Because the file also instructs the agent to follow expert routing and use a data path, ambiguous activation broadens the attack surface for misrouting, oversharing, or unintended persistence.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The OpenHands config appends broad activation conditions covering exercise, diet, nutrition, TCM, and health tracking topics, but lacks any negative examples or scoping controls. In an autonomous or tool-capable environment, this makes it easier for the agent to enter a higher-privilege skill mode during ordinary discussion, increasing risks of unnecessary file/tool usage and collection of sensitive health information.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The Gemini CLI instructions trigger on generic categories such as fitness, nutrition, exercise, TCM, and health management requests, which are broad enough to overlap with many benign conversations. Since the instructions also tell the system to load agent files based on routing, over-triggering can cause unnecessary context loading and inappropriate specialization or persistence around sensitive health topics.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The Claude.ai examples include generic utterances like reporting a run or asking about constitution, presented as direct triggers without clarifying whether the user wants simple conversation or full skill activation. In a health skill that may maintain records and long-term tracking, such examples can normalize implicit activation and lead to collection or retention of sensitive data without sufficiently clear consent.

Vague Triggers

High
Confidence
96% confidence
Finding
The trigger description says the skill should activate for essentially any content involving body, exercise, diet, traditional Chinese medicine, or health tracking. That is overly broad for a skill that collects and stores sensitive health and sexual-health data, because it can capture ordinary conversation without a clear, deliberate user decision to invoke this specific skill.

Vague Triggers

High
Confidence
97% confidence
Finding
The listed trigger phrases include very common utterances such as '今天吃什么', '今天练什么', '我最近老是怕冷', and '怎么祛湿', which could arise in casual conversation. In the context of a skill designed for persistent health profiling, automatic activation on vague everyday language increases the risk of unintended data capture, inappropriate persona takeover, and user confusion about when sensitive processing begins.

VirusTotal

66/66 vendors flagged this skill as clean.
