ClawHub

iwatch health data analysis

Security checks across malware telemetry and agentic risk

Overview

This Apple Health report skill has a coherent purpose, but it handles sensitive health data with under-disclosed browser/network and local-file risks that users should review first.

Install only if you are comfortable giving the skill an Apple Health export and having derived health summaries written to local files. Run it in a private workspace, choose a private output path instead of the default /tmp path, delete export.zip and generated reports when done, and avoid opening the HTML report online unless Chart.js is bundled locally or the CDN behavior is acceptable to you.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The generated report loads Chart.js from a third-party CDN at runtime, which creates a supply-chain and privacy risk: opening the report causes the viewer's browser to contact an external domain and execute remotely hosted JavaScript. If the CDN response is tampered with, blocked, or replaced, the report can execute attacker-controlled code or fail unexpectedly; this is more concerning here because the report contains sensitive health data.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The invocation examples are broad enough to match common requests like '帮我分析健康数据' or '生成健康报告', which can cause the skill to activate in situations the user did not intend. Because this skill handles highly sensitive health data and encourages collection of profile details, accidental triggering increases privacy risk and may lead to unnecessary requests for medical and biometric information.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal