ClawHub

Skill

Security checks across malware telemetry and agentic risk

Overview

HealthClaw appears purpose-built for Apple Health syncing, but it asks users to expose and route sensitive health data through public webhooks and Discord with insufficient security and privacy guidance.

Review before installing. Use only if you are comfortable giving an external webhook server and beta iOS app access to Apple Health data. Set a strong ADMIN_TOKEN before exposing the server, prefer VPN/private access where possible, protect or encrypt the health-data directory, limit shared HealthKit categories, keep Discord alerts minimal and private, and know how to stop the tunnel, server, background sync, and cron jobs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill instructs users to expose a webhook that receives highly sensitive health data to the public internet, but it does not present a clear security/privacy warning or emphasize the risks of internet exposure and local storage of protected health information. In this context, omission is dangerous because users may deploy the service with weak defaults, exposing private medical data or admin functionality to unauthorized access.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill instructs the agent to send potentially sensitive health anomaly information to Discord, a third-party messaging platform, without any explicit warning, consent step, or guidance about privacy implications. Because the alerts include specific health metrics and inferred conditions, this can expose personal health data to unintended recipients or to a service not appropriate for sensitive medical-style information.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill instructs the agent to send a health-derived recovery score and supporting biometric values via Discord, which is a third-party channel, without any privacy warning, consent check, minimization guidance, or mention of data sensitivity. Because the content is derived from health data, this creates a real confidentiality risk if messages are sent to the wrong server/channel, retained by Discord, or exposed to other participants/integrations.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The manifest explicitly advertises streaming highly sensitive Apple Health data, including heart rate, HRV, sleep, workouts, and blood pressure, to an agent via a webhook server, but it provides no warning about privacy risks, data handling, retention, or exposure. In a health-data context, omission of clear privacy disclosure and consent expectations can lead users to share regulated or highly personal information without understanding the security implications.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal