ClawHub

Fitness

Security checks across malware telemetry and agentic risk

Overview

This fitness skill is coherent, but it broadly collects and stores sensitive fitness and health-adjacent details without clear user controls.

Install only if you are comfortable with a local file accumulating workout, schedule, recovery, fatigue, injury, and achievement details across sessions. Decide which sources the agent may use, periodically review or delete ~/fitness/memory.md, and do not treat the skill as medical or injury-treatment advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

High
Confidence
97% confidence
Finding
The instruction to absorb fitness mentions from ANY source creates an overly broad activation and collection scope with no meaningful boundary, consent gate, or source restriction. In a fitness skill, this is especially risky because it can silently ingest sensitive health-related data from conversations and connected systems whenever the model encounters it, increasing the chance of overcollection and unintended persistence.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill explicitly persists learned preferences and health-adjacent fitness data in ~/fitness/memory.md but does not warn the user that this information will be retained across sessions and updates. Because fitness patterns, injuries, fatigue signals, and performance correlations can reveal sensitive personal information, failing to disclose storage meaningfully undermines user consent and privacy expectations.

Missing User Warnings

High
Confidence
96% confidence
Finding
The description says the skill absorbs data from wearables, conversations, and achievements, but it does not disclose the privacy implications of collecting from conversations and external fitness sources. In context, this is more dangerous because users may not realize casual chat or linked-app data will be treated as durable fitness records, causing covert collection of sensitive behavioral and health-related information.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger phrase "What should I do?" is very broad and can easily appear in many fitness conversations unrelated to user experience level. Using it as a primary profile signal risks misclassifying users as Beginners, which can lead to overly directive coaching, inappropriate reminders, and poor safety or autonomy handling in a fitness context.

Ssd 3

Medium
Confidence
95% confidence
Finding
The combined instructions to collect fitness information from any source and persist it to a memory file create a natural-language data retention risk, especially for conversation content and inferred health signals. Even without malicious intent, this design encourages overcollection, long-lived storage, and possible leakage of sensitive patterns such as injuries, fatigue, training schedule, and behavioral correlations.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal