Health Guardian

Security checks across malware telemetry and agentic risk

Overview

This skill is aimed at legitimate local health monitoring, but it handles sensitive Apple Health data with materially unclear privacy and safety expectations.

Install only after deciding you are comfortable with Apple Health exports being synced through iCloud and copied into local skill data files. Treat alerts and summaries as informational only, not medical advice or emergency monitoring, and review any Telegram or caregiver notification setup carefully before enabling hourly cron or heartbeat monitoring.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89%
Finding
The skill documentation describes reading Apple Health exports and writing local data files, yet no permissions are declared. That creates a transparency and consent problem: an agent or user may enable the skill without understanding it accesses sensitive local health files and persists derived data. In a health-monitoring context, undeclared file access is more dangerous because the data involved is highly sensitive medical information.

Tp4

High
Category
MCP Tool Poisoning
Confidence
84%
Finding
The skill presents itself as proactive health monitoring, but the described behavior includes broader ingestion, parsing, and storage of local export files in multiple formats, plus only limited threshold-based analysis. This mismatch can mislead users and host agents about the actual capabilities and data handling, increasing the chance that sensitive health data is collected or processed under false assumptions about safeguards, automation, or alerting quality. In a healthcare-adjacent skill, misleading behavior is especially risky because users may rely on it for safety-critical monitoring.

Intent-Code Divergence

Medium
Confidence
96%
Finding
The documentation claims 'Nothing leaves your machine. No cloud.' while instructing users to use iCloud Drive sync for Apple Health exports. That is materially false and may cause users to expose sensitive medical data to Apple's cloud ecosystem without informed consent. For health data, inaccurate privacy claims are particularly dangerous because users may make trust decisions based on them.

Missing User Warnings

Medium
Confidence
88%
Finding
The skill handles sensitive health data and emits anomaly alerts, but the documentation omits meaningful warnings about false positives, false negatives, emergency limitations, and privacy risks. Users or caregivers could over-trust the output and delay real medical attention, or process highly sensitive data without understanding retention and exposure risks. In a chronic-care setting, this missing safety guidance increases the likelihood of harmful reliance.

Missing User Warnings

High
Confidence
97%
Finding
The configuration recommends an external alert channel such as Telegram for anomaly notifications without warning that those alerts may transmit protected or highly sensitive health information off-device to a third party. This can lead to unintended disclosure of medical conditions, vital signs, or inferred diagnoses through insecure or insufficiently vetted channels. In the health-monitoring context, outbound messaging materially raises confidentiality and compliance risk.

Missing User Warnings

Medium
Confidence
90%
Finding
The script reads sensitive health data from disk and generates summaries/alerts without any explicit privacy notice, consent check, or output-sanitization step. In a health-monitoring skill, this increases the risk of exposing protected personal health information to users, logs, terminals, or downstream agent components that may not be authorized to receive it.

VirusTotal

66/66 vendors flagged this skill as clean.