Daily Meal Planner

Security checks across malware telemetry and agentic risk

Overview

This meal-planning skill has disclosed local profile storage and external lookups, with privacy and supply-chain cautions but no evidence of malicious behavior.

Install only if you are comfortable with a meal planner storing a local food-preference profile and contacting external services for recipe data, weather, and holiday context. Avoid saving precise location details, and delete user_profile.json if you do not want retained preferences.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (7)

Tainted flow: 'p' from open (line 61, file read) → open (file write)

Medium
Category
Data Flow
Content
for base in DATA_MIRRORS:
  try:
   from urllib.request import urlopen;d=urlopen(f"{base}/{fn}",timeout=15).read()
   with open(p,'wb') as f:f.write(d);return True
  except:continue
 return False
def _lj(fn):
Confidence
82% confidence
Finding
with open(p,'wb') as f:f.write(d);return True

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill declares no permissions, yet its documented behavior includes network access plus local file reads/writes. This is dangerous because users and hosting platforms may treat it as a simple recipe helper while it actually persists profile data and reaches external services, expanding the attack surface and creating privacy and supply-chain risk.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The stated purpose is meal recommendation, but the skill also downloads remote content, calls third-party APIs, persists user profile data, and outputs large JSON context for another AI to process. That mismatch can mislead reviewers and users about what data leaves the system and what code paths execute, making abuse, over-collection, and prompt/data exfiltration easier to hide.

Context-Inappropriate Capability

Low
Confidence
71% confidence
Finding
The skill makes an unrelated external request to a holiday API during message generation, expanding the network attack surface and creating unnecessary data flow/dependency outside core meal-planning functionality. Even if little user data is sent, this creates avoidable privacy, reliability, and supply-chain risk in a context where users would not expect such calls.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill stores user profile data such as location, cuisine preferences, mood, diet goals, dislikes, and allergies in a local JSON file without any visible notice, consent flow, retention policy, or protection. This is sensitive preference data, and silent persistence increases privacy risk if the host environment is shared, compromised, or logs/workspaces are later inspected.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The weather lookup sends the user's city/location to wttr.in without visible disclosure or opt-in. Location data is privacy-sensitive, and transmitting it to a third-party service in a meal-planning skill can expose user context beyond what is necessary or expected.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
At startup, the skill may fetch remote data files from external hosts and store them locally without any user-facing disclosure. In addition to the supply-chain issue, this creates unexpected outbound network activity and persistent local changes that users and operators may not anticipate.

VirusTotal

60/60 vendors flagged this skill as clean.
