ClawHub

Strava Training Coach

Security checks across malware telemetry and agentic risk

Overview

This skill coherently supports Strava-based training checks with disclosed local token storage, optional Oura data, and user-configured Slack or Discord alerts.

Install only if you are comfortable granting Strava read/activity access and sending training summaries to your chosen Discord or Slack channel. Enable Oura only if you intentionally want this skill to use your existing Oura CLI authentication and include sleep/readiness signals in coaching alerts. Keep webhook URLs private, disable any schedule you create when no longer needed, and delete the config directory or revoke tokens when you stop using the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill documentation describes capabilities that access environment variables, read/write local files, make network requests, and invoke shell commands, but it does not declare any explicit permissions for those sensitive operations. This creates a transparency and trust gap: users or platforms may approve the skill without realizing it can access secrets, persist tokens, and execute commands, increasing the risk of over-privileged execution or unsafe deployment.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill reads an Oura access token from ~/.config/oura-cli/config.json, which is another tool's credential store. This creates undeclared cross-tool credential access and expands the skill's capabilities to health-data retrieval without a dedicated consent boundary, increasing the blast radius if the skill is misused or compromised.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal