Back to skill

Security audit

Strength Training Recording Summary

Security checks across malware telemetry and agentic risk

Overview

This is a coherent workout recording summarizer with disclosed helper scripts and optional network use, but users should notice the dataset cache and cloud transcription behavior.

Install if you are comfortable with a helper that may download and cache a public exercise dataset from GitHub. For private workouts, prefer an existing transcript or local Whisper; only use Groq/OpenAI-style transcription when you are comfortable sending the audio to that provider.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
82% confidence
Finding
The skill advertises only summarization behavior, but its instructions invoke shell commands, local helper scripts, local file access, and optional network-backed transcription providers without any declared permissions. This creates an under-specified trust boundary: a caller or host may not expect file, shell, and network capabilities, increasing the chance of unintended data exposure or command execution in environments that rely on permission declarations for isolation.

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
The documented purpose is generating workout summaries, but the skill also references downloading an external exercise dataset, caching it locally, and using helper behavior that may return exercise metadata beyond summarization. This mismatch is dangerous because it can cause unexpected network egress, local persistence, and expanded processing of untrusted content, which is especially sensitive when inputs may include private audio transcripts and health-related notes.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The helper will automatically fetch a remote JSON dataset and write it to a local cache when no local dataset is present. In a skill whose stated purpose is local workout recording/transcript summarization, this undocumented outbound network access expands the trust boundary, introduces supply-chain and privacy risk, and can surprise users or agents running in restricted environments.

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
The code defines a hardcoded remote URL and imports URL-fetching capability for a helper that otherwise appears to support local matching logic. Even if the current URL points to a benign dataset, the capability enables dependency on external content outside the declared local-only workflow, creating a supply-chain exposure if the remote content changes or is tampered with.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The script silently downloads data from the internet and persists it under the user's home directory cache without any user-facing notice. This is lower severity than direct code execution, but it undermines transparency, can violate least-surprise expectations, and may create compliance or privacy concerns in locked-down environments.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.