Excretion Tracker

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local bathroom tracker with sensitive local storage and an optional image-card feature, but no hidden, destructive, or deceptive behavior was found.

Install only if you are comfortable storing bathroom logs on this device. Leave card generation disabled unless you trust the separate nano-banana-pro skill and are comfortable with selected event details being used to create local images. Do not rely on this skill for medical advice or active constipation reminders.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 84%
Finding
The skill is presented as a chat-only local tracker, but it conditionally invokes an external tool for card generation. Introducing an external executable into a health-logging workflow increases attack surface, creates potential data-sharing beyond local storage expectations, and may expose sensitive medical/bodily-function information to another component without clear consent boundaries.

Intent-Code Divergence

Medium
Confidence: 86%
Finding
Claiming the skill is 'chat-only' and stores data locally is misleading when later instructions permit calling an additional external tool. For a health-related tracker, this mismatch can cause users to disclose sensitive data under false assumptions about locality and processing, which is a privacy/security concern even if the external tool is optional.

Context-Inappropriate Capability

Medium
Confidence: 85%
Finding
The SOP instructs the skill to invoke an external tool and write generated files to local storage, even though the primary skill purpose is chat-based tracking. This expands the trust boundary and grants file-system side effects and third-party execution paths that are unnecessary for the core function, increasing the risk of privacy leakage or misuse of sensitive health-related data in prompts and generated artifacts.

Missing User Warnings

Medium
Confidence: 86%
Finding
The script stores highly sensitive health information, including bowel/bladder events, pain, stool characteristics, and free-text notes, in a persistent local SQLite database under the user's home directory without any explicit user-facing warning, consent flow, retention policy, or protection measures. In a shared machine, backup-synced home directory, or compromised local account scenario, this can expose intimate medical-adjacent data and create privacy harm.

VirusTotal

66/66 vendors flagged this skill as clean.
