ClawHub

Fitbot

Security checks across malware telemetry and agentic risk

Overview

This fitness coaching skill appears mostly purpose-aligned, but it asks the agent to create persistent reminders via cron or heartbeat and store health-adjacent profile data without enough user control or disclosure.

Install only if you are comfortable with the agent keeping local fitness records and potentially setting up scheduled reminder automation. Before use, ask it to confirm every file it will create or modify, avoid storing sensitive medical details, and do not allow cron or heartbeat setup unless it shows the exact schedule, command, and how to remove it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The onboarding flow explicitly instructs the agent to set up reminders via cron or heartbeat, which introduces persistent scheduled automation on the user's system. That exceeds ordinary conversational fitness coaching and can create unattended actions, surprise background behavior, and misuse risk if schedules are created without explicit informed consent and clear scope boundaries.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill description is broad enough to trigger on many ordinary fitness-related conversations, which can cause the skill to activate outside clearly bounded user intent. In this context, over-broad invocation is risky because the skill is designed to read and write persistent workspace files and provide authoritative coaching, so accidental activation could expose or modify sensitive user fitness data or steer conversations unexpectedly.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs storage of detailed personal fitness data, workout history, and coaching notes in persistent workspace files without any user-facing disclosure, consent step, retention limit, or handling guidance. Because this data can include health-adjacent information such as injuries, pain patterns, limitations, and routine history, silent persistence increases privacy and misuse risk if the skill is triggered unexpectedly or the workspace is accessed by others.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill tells the agent to collect and write detailed user profile, injury, age/health context, preferences, and training program information to local files without any privacy warning, minimization guidance, or consent checkpoint. Because this is health-adjacent personal data, storing it unguarded on disk increases the risk of unnecessary retention, local disclosure, and mishandling of sensitive information.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
Mentioning cron or heartbeat as part of normal onboarding normalizes creation of automated scheduled actions without warning the user that the assistant may configure persistent jobs on their system. In a fitness-coaching skill, that is more dangerous because users would reasonably expect reminders, but not necessarily low-level system automation with persistence and side effects.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The document explicitly instructs the agent to write generated content to `fitness/program.md` and update `FITNESS.md`, which is a repository-modifying action without any user confirmation or warning. In an agent skill, this creates a real risk of unintended file modification, overwrite, or persistence of unsafe content, especially if triggered during normal user interactions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal