Strava Cycling Coach

Security checks across malware telemetry and agentic risk

Overview

This skill is purpose-aligned for Strava ride analysis, but users should understand that optional automation stores Strava credentials locally and can run on a schedule.

Install only if you are comfortable granting Strava read access to activity/profile data and storing Strava client credentials plus OAuth tokens under ~/.config/strava/config.json. Treat cron monitoring and the shell-profile export as optional; review your crontab and remove the entry when you stop using the skill. Avoid using it on shared machines unless you are comfortable with local cache and log files under ~/.cache/strava.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Rogue AgentSelf-Modification, Session Persistence
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection

Findings (9)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 85% confidence
Finding: The skill documentation clearly instructs users to use shell commands, write to local files such as ~/.bashrc and config locations, access environment variables, and communicate with external services including Strava and Telegram, yet no permissions are declared. That creates a transparency and least-privilege problem because users and systems cannot accurately assess the skill's operational scope before enabling it.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 90% confidence
Finding: The stated purpose is ride analysis, but the documented behavior expands into OAuth credential handling, local token storage, caching, filtering of specific activity types, and Telegram notification routing. This mismatch is dangerous because users may authorize a broader set of data access, persistence, and outbound sharing behaviors than they reasonably expect from a coaching skill.

Description-Behavior Mismatch

Medium

Confidence: 84% confidence
Finding: The documentation introduces Telegram notifications, shell profile modification, and cron-based background automation, which go beyond simple Strava ride analysis. Expanding into persistent automation and external messaging increases the attack surface and privacy exposure, especially because it causes ongoing background execution and possible transmission of ride-derived information off-platform.

Context-Inappropriate Capability

Medium

Confidence: 82% confidence
Finding: Adding Telegram messaging is not necessary for core ride analysis and introduces an extra outbound data channel that may leak sensitive training or location-adjacent information. Because this sharing is not strongly justified in the main purpose statement, users may not recognize that their activity summaries could be sent to a third-party messaging platform.

Context-Inappropriate Capability

Medium

Confidence: 90% confidence
Finding: The documentation tells users to modify ~/.bashrc and install a cron job, creating persistent host-level changes outside the core function of analyzing rides. This is risky because it can leave long-running automation on the system, execute scripts repeatedly, and make cleanup or auditing difficult if users do not fully understand the persistence being added.

Missing User Warnings

Medium

Confidence: 74% confidence
Finding: The README advertises automatic monitoring and Telegram notifications but does not clearly warn users that ride data may be transmitted to third parties and that the skill may run continuously in the background. This can lead to unintentional ongoing collection and external sharing of sensitive fitness, location-adjacent, and health-related data, especially in a Strava context where activity metadata can be privacy-sensitive.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill instructs users to persistently store a Telegram chat ID and schedule recurring monitoring without warning about privacy, continuous execution, or external data sharing. That omission is dangerous because users may unknowingly enable background collection and outbound notifications tied to their fitness activity.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The script prompts for a Strava client secret and writes it in plaintext to a local config file without clearly warning the user that sensitive credentials will be stored on disk. Although the file permissions are tightened afterward, local plaintext storage increases exposure to credential theft through backups, accidental disclosure, or compromise of the user account.

Session Persistence

Medium

Category: Rogue Agent
Content: echo 'export STRAVA_TELEGRAM_CHAT_ID="your_telegram_chat_id"' >> ~/.bashrc # Set up cron job (checks every 30 minutes) crontab -l > /tmp/cron_backup.txt echo "*/30 * * * * $(pwd)/scripts/auto_analyze_new_rides.sh" >> /tmp/cron_backup.txt crontab /tmp/cron_backup.txt ```
Confidence: 91% confidence
Finding: crontab -l

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal