Why We Get Fat

Security checks across malware telemetry and agentic risk

Overview

This is a text-only nutrition skill with no malware signals, but it gives strong diet and medical-adjacent advice without enough safety boundaries.

Review carefully before installing. This does not appear to be malware, but it can produce strong low-carb, fasting, and pre-diabetes-related recommendations. Users with diabetes or glucose-lowering medications, pregnancy, eating disorder history, kidney disease, children, or other medical conditions should treat the output as educational book-framing only and consult a qualified clinician before following diet changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Medium
Confidence: 94%
Finding
The trigger list is broad enough to activate on many generic nutrition, obesity, sugar, insulin, or low-carb conversations that may not specifically request this skill. That can cause unintended routing and over-apply a single contested dietary framework in health-related contexts, increasing the risk of irrelevant, biased, or medically overconfident guidance.

Vague Triggers

Low
Confidence: 88%
Finding
The onboarding rule triggers when a user says they just installed the skill or do not know how to start, but it does not define concrete phrases or scope boundaries. This ambiguity can cause accidental invocation in unrelated setup conversations and force unsolicited health guidance, which is especially undesirable in a medical or dietary context.

Missing User Warnings

Medium
Confidence: 95%
Finding
This content gives concrete dietary instructions such as eliminating entire food categories and endorses a specific weight-loss approach without any medical disclaimer, safety boundaries, or advice to seek professional guidance. In a health/nutrition skill, users may reasonably treat this as actionable medical advice, which increases the risk of harm for people with diabetes, eating disorders, pregnancy, kidney disease, or those taking glucose-lowering medications.

Missing User Warnings

Medium
Confidence: 96%
Finding
This file gives prescriptive nutrition and weight-loss guidance as factual medical advice, including strong claims about obesity causation, diabetes reversal, and what users should eat or avoid, without any medical disclaimer or direction to seek professional care. In a user-facing skill explicitly triggered by weight-loss, obesity, diabetes, insulin, and ketogenic topics, this can mislead users into making significant dietary changes that may be unsafe for people with diabetes, eating disorders, pregnancy, kidney disease, or those taking glucose-lowering medications.

Missing User Warnings

Medium
Confidence: 95%
Finding
This is actionable dietary and behavior-change guidance that recommends major carbohydrate restriction and later intermittent fasting without any safety caveats, screening criteria, or advice to consult a clinician. In a consumer-facing skill, users may apply it despite diabetes, pregnancy, eating disorders, kidney disease, or relevant medications, creating a realistic risk of adverse effects such as hypoglycemia, dizziness, nutrient imbalance, or worsening disordered eating.

Missing User Warnings

Medium
Confidence: 97%
Finding
The file explicitly recommends skipping breakfast as an intermittent fasting tactic but provides no warning about who should avoid fasting or the symptoms that should prompt stopping. Because the skill is positioned as practical self-help, users may follow the instruction directly, which raises the chance of harm for medically vulnerable users or those prone to unsafe restriction.

Missing User Warnings

Medium
Confidence: 96%
Finding
This file gives concrete dietary and quasi-medical recommendations for pre-diabetes, child weight management, ketogenic adaptation, and blood-sugar outcomes without any safety disclaimer, individualized risk framing, or instruction to consult a qualified clinician. Because the skill is designed to be applied directly to real users and uses forceful language such as predicting diagnosis reversal and recommending elimination of major food categories, it could lead users—especially those with diabetes, eating disorder risk, pregnancy, kidney disease, or on glucose-lowering medication—to make unsafe changes without supervision.

VirusTotal

64/64 vendors flagged this skill as clean.
