fitconverter

Security checks across malware telemetry and agentic risk

Overview

This fitness data converter is mostly coherent, but it asks users to hand over API keys, email addresses, workout archives, payment QR flows, and in some modes their platform passwords, without adequate privacy or security guardrails.

Review this before installing. Use it only if you are comfortable sending selected workout exports and an email address to FitConverter. Avoid sync modes that require your platform password unless you trust the service and can rotate or revoke that credential afterwards. Configure the API key manually in a secure location rather than pasting it into chat, where it ends up in transcripts and logs. Before paying, confirm the file, the destination, the amount, and the payment recipient. Do not include unrelated files in uploaded ZIP archives.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (12)

Context-Inappropriate Capability

Severity: Medium
Confidence: 88%
Finding:
The skill instructs the agent to send a payment QR image through an external messaging channel unrelated to core file conversion. This expands data flow and user interaction to a third-party channel, creating phishing, privacy, and unauthorized-contact risks if the target or channel is misused or spoofed.

Context-Inappropriate Capability

Severity: Medium
Confidence: 92%
Finding:
The guide instructs the agent to collect and transmit user account credentials (`account` and `password`) for sync-type conversions, which materially exceeds a simple file-format conversion workflow and creates direct credential-handling risk. If an agent follows this guidance, user secrets may be exposed to the skill operator, logged by intermediary systems, or reused beyond the stated purpose.

Context-Inappropriate Capability

Severity: Medium
Confidence: 85%
Finding:
The skill includes payment-collection behavior via QR-code presentation even though the manifest describes a conversion utility, expanding the agent into a financial transaction flow without clear trust, consent, or anti-fraud controls. This can be abused for deceptive charging, payment redirection, or social engineering, especially when the agent is instructed to present externally supplied QR URLs or payment links.
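Both payment findings above come down to the same gap: the agent may present a payment QR or link that it did not originate and cannot vouch for. A minimal pre-display check, added here as an example and not part of the skill or the scanner, is to parse the supplied URL and refuse anything that is not plain HTTPS to a host the user has explicitly trusted. The trusted-host list, the helper name check_payment_target, and the sample URLs are assumptions for the example; api.fitconverter.com is the only host this page names.

```python
import ipaddress
from urllib.parse import urlsplit

# Hosts the user has chosen to trust for payment pages. api.fitconverter.com is the
# only host named on this page; treating it as the sole legitimate payment origin is
# an assumption for this example, not something the skill documents.
TRUSTED_PAYMENT_HOSTS = frozenset({"api.fitconverter.com"})


def check_payment_target(url: str, trusted_hosts=TRUSTED_PAYMENT_HOSTS) -> tuple[bool, str]:
    """Decide whether an agent-supplied payment URL may be shown to the user.

    Returns (ok, reason). The rejects cover the usual redirection tricks: plain
    http, userinfo prefixes (https://api.fitconverter.com@evil.example/), raw IP
    hosts, non-standard ports, lookalike or suffixed domains, and IDN homographs.
    """
    try:
        parts = urlsplit(url.strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError as exc:
        return False, f"unparseable URL: {exc}"
    if parts.scheme != "https":
        return False, f"scheme {parts.scheme or '(none)'!r} is not https"
    if parts.username is not None or parts.password is not None:
        return False, "URL carries userinfo; the host the user sees is not the real host"
    host = (parts.hostname or "").rstrip(".")  # hostname is already lower-cased
    if not host:
        return False, "URL has no host"
    if not host.isascii() or any(label.startswith("xn--") for label in host.split(".")):
        return False, "internationalized host name; possible homograph of a trusted host"
    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass
    else:
        return False, "host is a raw IP address"
    if port not in (None, 443):
        return False, f"unexpected port {port}"
    if host not in trusted_hosts:
        return False, f"host {host!r} is not on the trusted list"
    return True, f"host {host!r} is trusted"


# Constructed sample inputs for the example: one legitimate-looking link and the
# spoofing variants a tampered or injected skill prompt might hand to the agent.
SAMPLE_URLS = [
    "https://api.fitconverter.com/pay/order-123",
    "http://api.fitconverter.com/pay/order-123",
    "https://api.fitconverter.com@evil.example/pay",
    "https://api.fitconverter.com.evil.example/pay",
    "https://api.fitconverter.com:8443/pay",
    "https://203.0.113.5/pay",
    "https://\u0430pi.fitconverter.com/pay",  # Cyrillic 'a' in place of Latin 'a'
]


def triage(urls=SAMPLE_URLS) -> dict[str, bool]:
    """Map each URL to its verdict, for review before the agent presents anything."""
    return {u: check_payment_target(u)[0] for u in urls}


if __name__ == "__main__":
    for u, ok in triage().items():
        print("ALLOW" if ok else "BLOCK", u, "-", check_payment_target(u)[1])
```

The host check is deliberately an exact-match allow-list rather than a suffix match: `api.fitconverter.com.evil.example` and `evil.example/api.fitconverter.com` are both rejected, and the userinfo test catches the form where the trusted name is only the username part of the URL. Pair it with the page's advice to confirm file, destination, amount, and recipient with the user before any payment step.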

Vague Triggers

Severity: Medium
Confidence: 71%
Finding:
The trigger phrases are broad natural-language requests without clear scoping or confirmation boundaries, making accidental activation more likely. In a skill that uploads files and may handle credentials, ambiguous activation increases the chance of unintended external transmission or collection of sensitive data.

Missing User Warnings

Severity: High
Confidence: 96%
Finding:
The skill explicitly asks users to share API keys in chat, and elsewhere supports account/password-based sync flows, but provides no meaningful warning about the sensitivity of these secrets or how they will be handled. Collecting credentials through chat increases exposure to logs, prompt history, and unintended reuse by the agent or platform.

Missing User Warnings

Severity: High
Confidence: 95%
Finding:
The skill directs users to upload fitness archive files and email addresses to an external HTTP service without a clear warning that personal activity data and contact information are leaving the local environment. Fitness exports can contain sensitive location, health, and behavioral information, so silent transfer to a third party materially raises privacy risk.
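Because a fitness archive can carry far more than workout files, a practitioner would inspect the ZIP locally before the agent uploads it anywhere. The following is an added example, not code from FitConverter or from the scanner: it reads the central directory without extracting anything, rejects traversal paths, credential and key files, nested archives, hidden files, oversized or suspiciously compressible entries and unexpected extensions, and reports exactly what would be sent. The allowed extensions, the deny-list names, the size ceilings and the constructed sample archive are all assumptions for the example.

```python
import io
import posixpath
import zipfile
from dataclasses import dataclass, field

# What a workout export is expected to contain. The formats FitConverter actually
# accepts are not stated on this page, so this allow-list is an assumption.
ALLOWED_EXTENSIONS = frozenset({".fit", ".gpx", ".tcx", ".json", ".csv"})
# Names and extensions that have no business in a workout archive (assumed deny-list).
CREDENTIAL_NAMES = frozenset({".env", "id_rsa", "id_ed25519", "credentials", "config.json"})
CREDENTIAL_EXTENSIONS = frozenset({".pem", ".key", ".p12", ".pfx"})
NESTED_ARCHIVE_EXTENSIONS = frozenset({".zip", ".tar", ".gz", ".7z"})
MAX_TOTAL_UNCOMPRESSED = 200 * 1024 * 1024  # assumed ceiling, 200 MiB


@dataclass
class ArchiveReport:
    accepted: list[str] = field(default_factory=list)
    rejected: dict[str, str] = field(default_factory=dict)
    total_uncompressed: int = 0

    @property
    def ok(self) -> bool:
        """True only if every entry is acceptable and the archive is not oversized."""
        return not self.rejected and self.total_uncompressed <= MAX_TOTAL_UNCOMPRESSED


def inspect_archive(data: bytes) -> ArchiveReport:
    """Walk the central directory without extracting anything and classify each entry."""
    report = ArchiveReport()
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            report.total_uncompressed += info.file_size
            if info.is_dir():
                continue
            norm = posixpath.normpath(name)
            if name.startswith(("/", "\\")) or "\\" in name or norm.startswith(".."):
                report.rejected[name] = "absolute or traversal path"
                continue
            # Highly compressible large entries are a zip-bomb signal; threshold is assumed.
            if info.compress_size and info.file_size > 1_000_000 and info.file_size > 100 * info.compress_size:
                report.rejected[name] = "suspicious compression ratio"
                continue
            base = posixpath.basename(norm)
            ext = posixpath.splitext(base)[1].lower()
            if base.lower() in CREDENTIAL_NAMES or ext in CREDENTIAL_EXTENSIONS:
                report.rejected[name] = "looks like a credential or key file"
            elif ext in NESTED_ARCHIVE_EXTENSIONS:
                report.rejected[name] = "nested archive"
            elif base.startswith("."):
                report.rejected[name] = "hidden file"
            elif ext not in ALLOWED_EXTENSIONS:
                report.rejected[name] = f"unexpected extension {ext!r}"
            else:
                report.accepted.append(name)
    return report


def build_sample_archive() -> bytes:
    """Constructed sample for the example: two workouts plus three entries that must not leave the machine."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("2024-05-01-run.fit", b"\x0e\x10\x00\x00" + b"\x00" * 64)
        zf.writestr("2024-05-02-ride.gpx", "<gpx version='1.1'></gpx>")
        zf.writestr(".env", "FITCONVERTER_API_KEY=fc_mcp_example\n")
        zf.writestr("../outside.txt", "path traversal entry")
        zf.writestr("photos/IMG_0001.jpg", b"\xff\xd8\xff")
    return buf.getvalue()


if __name__ == "__main__":
    report = inspect_archive(build_sample_archive())
    for entry in report.accepted:
        print("SEND  ", entry)
    for entry, reason in report.rejected.items():
        print("REJECT", entry, "-", reason)
    print("upload allowed:", report.ok)
```

The point of reporting rather than silently filtering is that the user, not the agent, decides what leaves the machine; an agent that strips entries on its own would be making exactly the autonomous data-handling decision the findings warn about.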

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The documentation directs collection and transmission of sensitive information including email address, API key, account name, and password without any privacy notice, minimization guidance, or secure-handling requirements. In an agent setting, this omission increases the chance that highly sensitive data is over-collected, stored in logs, or sent to third parties without informed consent.

Ssd 3

Severity: Medium
Confidence: 98%
Finding:
The documentation tells users to disclose their API key directly in conversation so the agent can configure the service. This is dangerous because secrets shared in chat may be retained in logs or transcripts and could be exposed to other tools, operators, or future prompts.

Ssd 3

Severity: High
Confidence: 97%
Finding:
The parameter documentation includes account and password fields for sync-based conversions, effectively directing the workflow toward collecting third-party login credentials. Asking an agent to gather service passwords is highly risky because it encourages credential sharing, storage, and transmission beyond the original service boundary.
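The three findings about keys and passwords in chat (the first Missing User Warnings finding and both Ssd 3 findings) share one practical control: scan transcript lines for secret material before they are logged, forwarded to a tool, or sent to a third party. The example below is added here and is not part of the skill or the scanner. The fc_mcp_ prefix is taken from the skill's own curl examples on this page; the minimum key length, the other patterns, the helper names and the constructed transcript are assumptions.

```python
import re

# Detectors applied in order. The fc_mcp_ prefix is taken from the skill's own curl
# examples (fc_mcp_xxx); the minimum lengths and the remaining patterns are assumptions.
SECRET_PATTERNS = [
    ("fitconverter_api_key", re.compile(r"\bfc_mcp_[A-Za-z0-9_-]{8,}\b")),
    ("bearer_token", re.compile(r"(?i)\bbearer\s+[A-Za-z0-9._~+/=-]{16,}")),
    ("password_field", re.compile(r"(?i)\b(?:password|passwd|pwd)\s*[:=]\s*(\S+)")),
    ("email", re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b")),
]


def classify(line: str) -> list[str]:
    """Names of every secret type found in the line, in detector order."""
    return [name for name, pat in SECRET_PATTERNS if pat.search(line)]


def safe_to_forward(line: str) -> bool:
    """Gate for tool calls and log writers: True only if no secret type matched."""
    return not classify(line)


def redact(line: str) -> str:
    """Replace secret material with a type tag, keeping the rest of the line for context."""
    out = line
    for name, pat in SECRET_PATTERNS:
        if name == "password_field":
            # Keep the 'password:' label, drop only the value captured in group 1.
            out = pat.sub(lambda m: m.group(0)[: m.start(1) - m.start(0)] + "<redacted:password>", out)
        else:
            out = pat.sub(f"<redacted:{name}>", out)
    return out


def scan_transcript(lines) -> list[tuple[int, list[str], str]]:
    """Return (line_number, secret_types, redacted_line) for every line carrying a secret."""
    hits = []
    for n, line in enumerate(lines, 1):
        kinds = classify(line)
        if kinds:
            hits.append((n, kinds, redact(line)))
    return hits


# Constructed transcript for the example, modelled on the flows the findings describe;
# none of these values are real.
SAMPLE_TRANSCRIPT = [
    "user: convert my huawei export to FIT",
    "user: here is my API key fc_mcp_9f8e7d6c5b4a3210 please configure it",
    "user: email me at runner@example.com when it is done",
    "agent: for sync mode I need account=runner@example.com password: Hunter2!2024",
    "agent: submitting with Authorization: Bearer fc_mcp_9f8e7d6c5b4a3210",
]


if __name__ == "__main__":
    for n, kinds, redacted in scan_transcript(SAMPLE_TRANSCRIPT):
        print(f"line {n}: {', '.join(kinds)}")
        print(f"  {redacted}")
```

Run the redactor over anything that persists (conversation history, tool-call logs, crash reports) and use `safe_to_forward` as a hard stop in front of any tool that would transmit the line; the redacted form is what the user should see when the agent echoes a request back for confirmation.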

External Transmission

Severity: Medium
Category: Data Exfiltration
Content:
⚠️ **An API Key is required before first use**

1. Visit https://api.fitconverter.com/mcp/generate-api-key to obtain an API Key
2. Tell me your API Key and I will configure it for you
3. Or configure mcporter manually (see below)
Confidence: 77%
Finding: https://api.fitconverter.com/

External Transmission

Severity: Medium
Category: Data Exfiltration
Content:
⚠️ **Important**: `zip_file` is uploaded as a multipart/form-data file (not a path, and not Base64):

```bash
curl -X POST "https://api.fitconverter.com/mcp/submit_conversion" \
  -H "Authorization: Bearer fc_mcp_xxx" \
  -F "api_key=fc_mcp_xxx" \
  -F "type=huawei" \
```
(excerpt cut off here)
Confidence: 90%
Finding: https://api.fitconverter.com/

External Transmission

Severity: Medium
Category: Data Exfiltration
Content:
## 12. Complete example

```bash
curl -X POST "https://api.fitconverter.com/mcp/submit_conversion" \
  -H "Authorization: Bearer fc_mcp_xxx" \
  -F "api_key=fc_mcp_xxx" \
  -F "type=huawei" \
```
(excerpt cut off here)
Confidence: 86%
Finding: https://api.fitconverter.com/

VirusTotal

64/64 vendors flagged this skill as clean.
