Health Guardian

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-aligned, but it handles highly sensitive health data with misleading privacy claims and weak scoping around storage, automation, and alerts.

Install only after the person whose health data is involved has explicitly consented. Before enabling cron or alerts: confirm which directory the importer actually reads from, inspect the local data files it writes and restrict their permissions, disable or tightly limit Telegram and any other external notification channel, and do not rely on the skill for medical safety until the schema mismatch between the importer and the analyzer is fixed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill documentation describes direct reading of Apple Health exports from a local iCloud path and writing sensitive readings, baselines, alerts, and patterns into local files, but it declares no permissions. For a health-data skill, undeclared file read/write capability is security-relevant because it obscures access to highly sensitive medical information and prevents informed consent or policy enforcement.
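As an added example (not SkillSpector's scanner and not Health Guardian's own code), the following Python script shows the check behind this finding: it compares the capabilities a skill's source visibly uses (file read/write, directory enumeration, environment reads, network egress) against what its manifest declares, and also lists the hosts it would transmit to, which is the same mismatch the alert-channel finding below points at. The manifest format (a JSON "permissions" list), the capability names, the sample script and its iCloud-style export path are assumptions constructed for the example; only data/vitals.json and the Telegram channel come from the findings on this page.

```python
"""Added example: static capability-vs-declaration audit for an agent skill.
Not SkillSpector or Health Guardian code; manifest format, capability names
and the sample script are assumptions constructed for illustration."""
import json
import re

# Constructed sample skill script (text only, never executed here). It reads a
# local iCloud-style export directory, persists readings to data/vitals.json,
# reads a bot token from the environment and posts to Telegram.
SAMPLE_SCRIPT = '''
import os, glob, json, requests
export_dir = os.path.expanduser("~/Library/Mobile Documents/health-export")  # constructed path
readings = []
for path in glob.glob(export_dir + "/*.xml"):
    with open(path) as f:
        readings.append(f.read())
with open("data/vitals.json", "w") as out:
    json.dump(readings, out)
token = os.environ["TELEGRAM_BOT_TOKEN"]
requests.post(f"https://api.telegram.org/bot{token}/sendMessage", json={"text": "alert"})
'''

# Constructed sample manifest: declares no permissions, as the finding describes.
SAMPLE_MANIFEST = json.dumps({"name": "health-guardian", "permissions": []})

# Evidence patterns per capability (assumed capability vocabulary). open() with a
# write/append mode is fs:write; any other open() call is fs:read.
CAPABILITY_PATTERNS = {
    "fs:read": [r'''open\((?![^)]*["'][wa][a-z+]*["'])[^)]*\)'''],
    "fs:write": [r'''open\([^)]*["'][wa][a-z+]*["']'''],
    "fs:enumerate": [r'\b(?:glob\.glob|os\.walk|os\.listdir|os\.scandir)\('],
    "env:read": [r'\bos\.environ\b', r'\bos\.getenv\('],
    "net:egress": [r'\brequests\.(?:get|post|put|patch)\(', r'\burllib\.request\b',
                   r'\bhttp\.client\b', r'\bsocket\.(?:socket|create_connection)\(',
                   r'https?://'],
}
HOST_RE = re.compile(r'https?://([A-Za-z0-9.-]+)')


def observe_capabilities(source: str) -> set[str]:
    """Capabilities the source text shows evidence of using."""
    return {cap for cap, pats in CAPABILITY_PATTERNS.items()
            if any(re.search(p, source) for p in pats)}


def egress_hosts(source: str) -> set[str]:
    """Hosts named in URL literals; each is a potential external-transmission channel."""
    return set(HOST_RE.findall(source))


def declared_permissions(manifest_json: str) -> set[str]:
    """Permissions the (assumed JSON) manifest declares."""
    return set(json.loads(manifest_json).get("permissions", []))


def underdeclared(manifest_json: str, source: str) -> set[str]:
    """Capabilities the code uses but the manifest does not name. A "*" entry
    names no concrete capability, so it covers nothing and is flagged separately."""
    return observe_capabilities(source) - declared_permissions(manifest_json)


def audit(manifest_json: str, source: str) -> dict:
    """Full least-privilege report for one skill."""
    declared = declared_permissions(manifest_json)
    return {
        "declared": sorted(declared),
        "observed": sorted(observe_capabilities(source)),
        "underdeclared": sorted(underdeclared(manifest_json, source)),
        "wildcard": "*" in declared,
        "egress_hosts": sorted(egress_hosts(source)),
    }


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_MANIFEST, SAMPLE_SCRIPT), indent=2))
```

Run against the constructed sample, every observed capability is underdeclared and api.telegram.org appears as an egress host; a manifest that lists each capability produces an empty underdeclared set, while a wildcard declaration is reported as its own finding rather than as coverage. Regex evidence is a floor, not a proof: dynamic imports, subprocess calls and code fetched at runtime will not show up, so a clean result here only means the reviewer has nothing further to ask about from the visible source.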

Tp4

High
Category
MCP Tool Poisoning
Confidence
81% confidence
Finding
The skill claims health monitoring and Apple Health integration, but the documented behavior expands into direct ingestion of local iCloud exports, storage of raw readings, and processing of additional mobility-related metrics not clearly disclosed in the description. In a medical context, this mismatch is dangerous because users may authorize the skill for limited monitoring while it handles a broader set of sensitive health and disability-related data than expected.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill handles sensitive health data and can generate proactive alerts to channels such as Telegram, yet the description does not prominently warn users about medical-data processing, local retention, or notification risks. This is especially dangerous in a chronic-care setting because accidental exposure, misrouted alerts, or misunderstood monitoring scope could reveal highly sensitive information about a vulnerable person.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script imports highly sensitive health data from Apple Health exports and persists it into data/vitals.json without any explicit consent flow, notice, retention controls, or confirmation that the user intends long-term local storage. Even though this is local processing rather than obvious exfiltration, silently collecting and storing chronic-condition-related health metrics increases privacy risk if the host, repo, backups, or downstream agents access the file unexpectedly.

VirusTotal

66/66 vendors returned no detection for this skill. A clean antivirus verdict does not address the findings above: undeclared file access, a scope broader than the description, and unrestricted alert routing are not malware signatures, so this result rules out known malicious code only.

View on VirusTotal