ClawHealth Garmin

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built for Garmin health syncing, but it handles sensitive credentials and health data through an unpinned external CLI path that users should review carefully.

Install only if you trust the clawhealth package and maintainer. Prefer a version-pinned, reviewed dependency path, verify which clawhealth executable will run, use the password-file setup with restrictive permissions, and keep .env, password files, session tokens, raw payloads, and the local health database out of Git, shared folders, and untrusted backups.
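As an added example (not code from the clawhealth skill or its maintainer), the following POSIX shell preflight implements the checks recommended above before the skill is installed: which executable a command name actually resolves to on PATH, whether a password file is readable only by its owner, and whether the repository's .gitignore lists the sensitive files. The file names garmin.pass, clawhealth.db and raw/ are assumptions, as is the command name clawhealth for the CLI; adjust them to the skill's real layout.

```shell
#!/bin/sh
# Added example, not code from the clawhealth skill or its maintainer.
# Preflight checks a reviewer can run before installing: which executable a
# command name resolves to, whether a password file is readable only by its
# owner, and whether a .gitignore lists the sensitive paths named above.
# File names (.env, garmin.pass, clawhealth.db, raw/) are assumptions.

# Print the first executable on PATH for the given command name.
# Fails (non-zero) when nothing resolves, so callers can stop early.
resolve_exe() {
    command -v "$1" 2>/dev/null
}

# Succeed only if the file is a regular file whose mode grants nothing to
# group or other (0600 or 0400). Parses the ls permission string so it
# works with both GNU and BSD userlands.
is_private_file() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld -- "$1" | cut -c1-10)
    case "$perms" in
        -rw-------|-r--------) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed only if every argument after the first appears as an exact line
# in the given .gitignore. This is a literal check; inside a real checkout,
# `git check-ignore -q <path>` is the authoritative test.
gitignore_covers() {
    ignore_file=$1; shift
    [ -f "$ignore_file" ] || return 1
    for pattern in "$@"; do
        grep -qxF -- "$pattern" "$ignore_file" || return 1
    done
    return 0
}

# Run all three checks and report; returns 0 only if all of them pass.
preflight() {
    cmd=$1; passfile=$2; ignore_file=$3
    status=0
    if exe=$(resolve_exe "$cmd"); then
        echo "ok: $cmd resolves to $exe (review this file before running it)"
    else
        echo "fail: $cmd not found on PATH"; status=1
    fi
    if is_private_file "$passfile"; then
        echo "ok: $passfile is owner-only"
    else
        echo "fail: $passfile missing or readable by group/other"; status=1
    fi
    if gitignore_covers "$ignore_file" .env "$passfile" clawhealth.db raw/; then
        echo "ok: $ignore_file lists the sensitive paths"
    else
        echo "fail: $ignore_file is missing one of the sensitive paths"; status=1
    fi
    return $status
}

# Usage: preflight clawhealth garmin.pass .gitignore
```

Resolving the executable tells you which file will run, not that it is trustworthy: inspect that path (and any wrapper script it invokes) before handing it Garmin credentials. The .gitignore check matches literal lines only, so a pattern that covers the file indirectly will be reported as missing; in a real checkout, git check-ignore is the authoritative test.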

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 90%
Finding
The skill declares capabilities in metadata that require environment access, file reads, and shell execution, but there is no explicit permissions declaration to make those sensitive operations visible and reviewable. In this context, the skill handles Garmin credentials and stores personal health data locally, so undeclared capabilities reduce informed consent and increase the chance of over-privileged execution or unnoticed data exposure.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The README explicitly states that the skill may fetch code from GitHub at runtime and may automatically install missing dependencies, but it does not clearly warn users that this results in execution of newly retrieved code and modification of the local environment. This creates a real supply-chain and integrity risk: if the remote repository, dependency source, or network path is compromised, the skill could execute attacker-controlled code during normal use.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The skill text states that it persists synced health data and raw JSON payloads, but it does not present this as a prominent user warning despite processing sensitive medical-adjacent data. Because the stored content may include intimate health, activity, and account-linked information in local SQLite/JSON, users may unknowingly retain sensitive data on disk where other local processes or users could access it.

VirusTotal

67/67 vendors flagged this skill as clean.