HealthFit

Security checks across malware telemetry and agentic risk

Overview

HealthFit is a coherent local health and fitness tracking skill, but users should treat its stored health and optional sexual-health records as sensitive private data.

Install only if you are comfortable storing health, body, diet, medication/history, TCM, and optional sexual-health information in local plaintext files. Keep the data directory and export/backup folders out of shared or cloud-synced locations unless intended, review exports before sharing, use explicit commands when possible, and treat the advice as wellness support rather than a substitute for medical care.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (49)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill explicitly instructs reading and writing local files containing highly sensitive health and sexual-health data, yet no permissions are declared. That creates a transparency and governance gap: users and hosting systems are not clearly informed that the skill persists, modifies, exports, and recovers sensitive records from disk.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The top-level description presents the skill as a health guidance assistant, but the documented behavior also includes backup, export, database initialization/reinitialization, and draft recovery operations over sensitive data. That mismatch can cause users and reviewers to underestimate the skill's ability to copy, transform, or reset private records.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The privacy section says sexual-health data is excluded from backup/export by default, while another statement says users can obtain all raw data at any time. Conflicting rules around sensitive exports increase the chance that operators or users misunderstand what will actually be included, leading to accidental disclosure of intimate data.

Intent-Code Divergence

Medium
Confidence
89% confidence
Finding
The role definition explicitly says Analyst Ray must not provide training plans, but the anomaly workflow later gives concrete deload, rep-range, exercise-variation, and recovery prescriptions. In a health-focused skill, this boundary violation is risky because users may treat these as personalized exercise guidance despite the role not being authorized or scoped for that function.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The skill explicitly says Coach Alex must not provide diet advice, but the PR template includes specific nutrition guidance such as protein intake targets. In a health-oriented skill, contradictory role boundaries can cause users to rely on advice from the wrong specialist, increasing the chance of inappropriate or oversimplified recommendations.

Intent-Code Divergence

Medium
Confidence
89% confidence
Finding
The skill states that when acute symptoms such as chest pain, fainting, or abnormal shortness of breath are detected, the agent must immediately stop giving advice. However, later generic training workflows and examples continue offering exercise guidance, creating a dangerous ambiguity that could lead the agent to provide workout recommendations despite red-flag medical symptoms.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The document states that sexual-health data requires secondary confirmation and is excluded from backup/export, but the actual design shown is just a normal local JSON file with no enforceable access-control, encryption, or separation mechanism. In a health-management skill handling highly sensitive medical and sexual-health information, this mismatch can mislead implementers into storing intimate data insecurely and expose users to privacy harm if the filesystem, backups, or logs are accessed.

Intent-Code Divergence

Low
Confidence
98% confidence
Finding
The guidance describes 'base64 encoding + password protection' as an encryption approach, but base64 is only reversible encoding and provides no confidentiality. This is dangerous because developers may rely on it for protection of sensitive user selfie images, leading to storage of easily recoverable intimate health-related photos under a false sense of security.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The documentation instructs users to invoke the skill with a broad natural-language phrase, which can contribute to accidental routing when similar phrases appear in ordinary conversation. In a health-related skill, unintended activation is more sensitive because it may expose or collect personal health context, start profiling flows, or produce advice in situations where the user did not explicitly intend to engage the skill.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The routing table includes broad phrases such as gendered training requests and sensitive symptom-like inputs that can trigger role loading without clear scope constraints. Overbroad activation is risky here because the skill handles persistent sensitive health data and may steer users into profiling or storage flows unintentionally.

Vague Triggers

Medium
Confidence
87% confidence
Finding
Several triggers like 'weekly summary', 'weekly report', and 'monthly report' are generic and likely to appear in unrelated conversations. Because this skill stores and retrieves sensitive health information, accidental invocation could expose prior personal data or start stateful health workflows in the wrong context.

Missing User Warnings

High
Confidence
95% confidence
Finding
The description advertises profiling and sexual-health functionality but does not prominently warn that the skill persistently stores sensitive health and sexual-health data across sessions. For a health-focused skill, omission of that disclosure materially increases privacy risk because users may share intimate information without realizing it will be retained locally.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The file specifies persistent storage of weekly summaries, monthly summaries, and achievements in local database/text files, but gives no user-facing notice, consent flow, retention policy, or safeguards for sensitive health information. Because this skill handles health, body composition, sleep, and potentially sexual-health-related data at the product level, silent persistence materially increases privacy and compliance risk.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly stores highly sensitive health data, including constitution profiles and daily tongue/health logs, but provides no clear user-facing notice about retention, consent, access controls, deletion, or purpose limitation. Because this is medical-adjacent personal data, silent persistence increases privacy and compliance risk, especially if logs accumulate over time or are accessible by other components.

Natural-Language Policy Violations

Medium
Confidence
93% confidence
Finding
The skill hard-codes Chinese nutrition standards and sex-specific reference files as authoritative defaults without indicating they may not match the user's country, demographics, lab units, or clinician guidance. In a health advice context, silently applying the wrong locale or standard can produce inappropriate recommendations or confusing thresholds, especially for users outside the intended population.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The file specifies persistent storage of diet data in JSON, text logs, and a database, but gives no user notice, consent flow, retention policy, or handling restrictions for sensitive health information. Because this skill manages nutrition, body data, medication context, and possibly sexual-health-adjacent records within the broader system, undisclosed persistence materially increases privacy and compliance risk if users reveal sensitive medical data.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This is a real safety vulnerability: the guide instructs users to perform maximal-effort physical tests such as a 5km 'as fast as possible' run, max push-ups, 60-second squat AMRAP, and plank to failure without screening for medical conditions, advising users to stop for warning symptoms, or recommending professional clearance where appropriate. In a health-management skill, users may reasonably rely on the instructions as actionable guidance, so omission of safety warnings and privacy/consent context for storing health data increases the risk of injury, adverse cardiac events, and inappropriate handling of sensitive fitness data.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
This guide presents a structured health self-exam tied to constitution identification and symptom interpretation, but it does not clearly state that the material is informational only and not a medical diagnosis. In a health-management skill, users may over-rely on the output, delay appropriate care, or treat potentially significant symptoms as routine wellness signals, which increases safety risk.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The file encourages users to take and share tongue photos for analysis without warning that these images are sensitive health data. Because the skill supports profiling and long-term tracking, collecting or transmitting identifiable oral images can create privacy and consent risks if users are not informed about sensitivity, minimization, and sharing implications.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The trigger phrase "Call healthfit" is generic enough that normal conversation or meta-discussion about the skill could invoke it unintentionally. In a health-related skill, accidental activation is more concerning because it can solicit or expose sensitive wellness, body, or sexual-health information in the wrong context.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The documentation explicitly states that natural language like "log today's 5km run" will be recognized, which broadens activation beyond explicit slash commands and increases the chance of unintended triggering on ordinary conversation. In a health-tracking skill, unintended activation can cause accidental logging, profile changes, or retrieval of sensitive wellness information without the user clearly intending to invoke the skill.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The routing rules describe recording user health, nutrition, and workout data to local files and profile data stores such as workout_log.txt, nutrition_log.txt, and profile.json, but the command documentation does not warn users that their inputs will be persisted. Because this skill handles sensitive health and potentially sexual-health-related data, silent persistence materially increases privacy risk, surprise data retention, and the chance of exposing intimate data through local file access or later summaries.

Natural-Language Policy Violations

Medium
Confidence
93% confidence
Finding
The file anchors nutrient guidance to the Chinese Nutrition Society DRIs for Chinese residents without any explicit gating, locale detection, or user consent. In a health-management skill, population-specific nutrition references can produce inappropriate recommendations for users in other regions, ethnic backgrounds, regulatory environments, or clinical contexts, especially if downstream advisors treat these values as universally applicable.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The document encourages users to photograph their bodies and upload images for AI-based movement correction, but it provides no warning about privacy, biometric data exposure, or the possibility that exercise photos may reveal sensitive health or intimate information. In a health-management skill that also covers body composition, sexual health, and long-term tracking, this omission increases the chance users will share highly sensitive images without informed consent.

Natural-Language Policy Violations

Medium
Confidence
88% confidence
Finding
The document presents a female-specific training framework as the default without indicating when it is appropriate, how users should opt in, or what alternatives exist for users who do not identify with or physiologically match the assumed population. In a health and fitness skill, this can lead to mispersonalized advice, exclusion, and potentially unsafe recommendations when menstrual-cycle or postpartum guidance is inappropriately applied or assumed.

VirusTotal

65/65 vendors flagged this skill as clean.
