AI Fitness Coach

Security checks across malware telemetry and agentic risk

Overview

This is a coherent fitness-coaching skill, but users should understand that its optional prototype code can save fitness data locally and includes optional Feishu sync helpers.

Install and use it as the markdown skill for ordinary coaching. Before running the Python prototype, review where it stores profile and workout data, avoid entering unnecessary sensitive health details, keep Feishu disabled unless you intentionally want external sync, and do not run the GitHub publishing script unless you mean to publish the repository.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill appears to exercise file read/write, MCP, and network capabilities without declaring corresponding permissions. This breaks the principle of least privilege and prevents users or reviewers from understanding what data the skill can access or where it can send it, which is especially risky for a fitness coach that may handle sensitive personal and health-adjacent data.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The declared purpose is fitness coaching, but the detected behavior includes persistent local storage of user profiles and conversation history, Feishu token acquisition and data export, and a GitHub publishing script unrelated to user-facing coaching. This mismatch is dangerous because it can conceal collection, retention, and exfiltration of sensitive user data under a benign wellness pretext, and the unrelated publishing capability suggests unnecessary expansion of attack surface.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The design document includes code paths for creating a GitHub repository and pushing source code, which is unrelated to the declared fitness-coaching purpose. In an agent-skill context, embedding developer/deployment actions expands the skill's operational scope and could enable unintended exfiltration or publication of local code and data if such instructions are implemented or invoked.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The documented auto-deploy script performs GitHub API calls and git push operations, granting the project capabilities far beyond fitness guidance. In a skill ecosystem, such deployment functionality is risky because it normalizes outbound publication actions that could leak source, configuration, or user-related files to external services if reused or miswired.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README advertises automatic workout logging and Feishu synchronization, but does not clearly disclose that sensitive user data such as body metrics, training history, and preferences may be stored locally and transmitted to a third-party service. In a fitness-coaching skill, this creates a real privacy and data-handling risk because users may share health-adjacent personal information without informed consent or understanding of where it is stored.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README advertises automatic syncing to Feishu tables but does not clearly disclose what user data is transmitted, stored, or retained. In a fitness coaching skill, workout history, preferences, and potentially health-adjacent personal data may be sent to third-party services, so the lack of a user-facing privacy warning increases the risk of uninformed consent and inappropriate data exposure.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The function exports sensitive fitness/profile data to a local CSV file without any privacy safeguards, sensitivity labeling, or protection of the output file. CSV exports can persist personal health-related information on disk where other users, processes, backups, or sync tools may access it unintentionally.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
These methods transmit workout and profile data to an external Feishu service, including user identifiers and body metrics, without any visible consent, disclosure, or data-minimization controls. Because the skill handles health-adjacent personal data, undisclosed external transmission materially increases privacy and compliance risk.

VirusTotal

66/66 vendors flagged this skill as clean.
