Security audit

Fitlog

Security checks across malware telemetry and agentic risk

Overview

FitLog is local-only, but it is advertised as a fitness tracker while its artifacts implement a broader productivity logger that stores and exports arbitrary user entries.

Install only if you want a generic local productivity logger, not a workout-specific tracker. Avoid entering sensitive health, work, or personal details unless you are comfortable with them remaining under ~/.local/share/fitlog and being included in exports; remove that directory manually if you need to clear stored data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (9)

Description-Behavior Mismatch

High

Confidence: 99% confidence
Finding: The manifest advertises workout/exercise tracking, while the documentation defines a different product category entirely: a timestamped productivity/task logging system. This is a true security issue because security review, user consent, and agent tool selection depend on accurate identity and declared purpose; deceptive or inconsistent identity can hide broader data handling than expected.

Intent-Code Divergence

Medium

Confidence: 94% confidence
Finding: The title and surrounding description explicitly frame the skill as a productivity toolkit, contradicting the manifest's health/fitness positioning. While this may look like documentation sloppiness, it materially increases risk by obscuring the real operational scope and making it easier for an agent or user to misclassify the tool's trust boundary and data sensitivity.

Description-Behavior Mismatch

High

Confidence: 97% confidence
Finding: The script's implemented feature set materially diverges from the declared fitness-tracking purpose, exposing users to broader data collection and behavior than the skill description suggests. This is dangerous because users may invoke or install the skill under false expectations, enabling unnecessary logging of general personal productivity information and reducing informed consent.

Context-Inappropriate Capability

Medium

Confidence: 94% confidence
Finding: The command set includes context-inappropriate productivity-management operations unrelated to workout logging, which increases the amount and sensitivity of user data the skill can capture without justification from its advertised purpose. In the context of a fitness skill, this mismatch makes the behavior more suspicious because it normalizes collecting arbitrary notes and plans under a narrower trust boundary.

Intent-Code Divergence

Medium

Confidence: 90% confidence
Finding: Branding the script as a productivity tool directly contradicts the declared workout-tracking metadata and indicates deceptive or careless packaging. While not code execution by itself, this inconsistency undermines trust and can hide unauthorized scope expansion behind a benign fitness label.

Intent-Code Divergence

Medium

Confidence: 92% confidence
Finding: The help text presents the program as a productivity toolkit, which is inconsistent with the declared exercise-tracking function and can mislead users about what the skill does and what data it may store. In a user-installed agent skill, misleading help text increases the risk of unauthorized or uninformed use of non-fitness logging features.

Vague Triggers

High

Confidence: 92% confidence
Finding: The usage description is overly broad and not specific to fitness, indicating the skill can be used as a generic sink for arbitrary user content. In context, this makes the mismatch more dangerous because the skill stores timestamped history and supports search/export, so an agent might funnel unrelated sensitive data into persistent local logs under the mistaken belief that it is a narrowly scoped workout tracker.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: User-provided input is written verbatim to persistent local log files without any warning, consent prompt, retention notice, or sensitivity guidance. This is risky because users may enter health, scheduling, or personal notes assuming transient processing, but the skill silently stores them on disk where other local users, backups, or later exports may expose them.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The export feature aggregates all logged entries into new files without warning that potentially sensitive content will be copied into easier-to-share formats such as JSON, CSV, or TXT. This increases exposure because exports create additional copies of personal data that may be transmitted, synced, or left behind inadvertently.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal