Fitbit MCP
Security checks across malware telemetry and agentic risk
Overview
This is a coherent Fitbit MCP setup guide that discloses its sensitive health-data access and token storage requirements.
Before installing, confirm you trust the linked repository and npm package, review the Fitbit OAuth scopes, and understand that an enabled agent may read sensitive health and wellness data. Use privacy audit and dry-run tools first, and require explicit approval before any write or live provider action.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.