ClawHub

withings-health

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Withings health-data reader, but it should be treated as sensitive because it uses OAuth credentials and stores health-account tokens locally.

Install only if you are comfortable giving this skill access to your Withings health data. Keep WITHINGS_CLIENT_SECRET, any .env file, and tokens.json private; do not commit or share the skill directory after authentication. Revoke the Withings app authorization and delete tokens.json when you stop using it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill declares environment variable requirements for Withings client credentials but does not present an explicit permissions model or user-facing disclosure about secret access. In a health-data skill, undeclared access to local secrets increases risk because users may not realize the skill depends on and can read sensitive credentials needed to access protected account data.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The stated behavior focuses on fetching health metrics, but the documented workflow also performs OAuth, reads secrets from .env, stores access and refresh tokens locally, and refreshes them automatically. That gap matters because it hides credential handling and persistent token storage associated with highly sensitive health data, preventing informed consent and increasing the chance of unsafe deployment or overbroad trust.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This skill handles sensitive health information and requires authentication against a third-party health platform, yet it does not clearly warn users that health data will be accessed and transmitted as part of authentication and retrieval. Missing disclosure is dangerous in this context because health metrics are especially privacy-sensitive, and users need explicit notice before authorizing collection, storage, and retrieval of that data.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill writes OAuth access and refresh tokens to a local tokens.json file in plaintext without any file-permission hardening, encryption, or secure storage mechanism. If the host is multi-user, compromised, backed up insecurely, or the workspace is exposed, an attacker could reuse the refresh token to maintain long-term access to sensitive health data.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal