ClawHub

Food Tracker

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local food-tracking skill that stores food history and dietary preferences, including sensitive restrictions, but does not show hidden execution, exfiltration, or destructive behavior.

Install this only if you want a persistent local food journal. It will keep meals, products, recipes, places, patterns, and dietary restrictions in ~/food/memory.md, including potentially sensitive allergy or avoidance information. Review or delete that file if you no longer want the data retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill uses very broad language such as 'absorbs ANY food input' and auto-detects multiple input types, which can cause the agent to engage on loosely related content without clear user intent. In practice this increases the chance of unintended invocation, over-collection of personal dietary data, and misclassification of unrelated inputs as food records.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly persists sensitive dietary data, including allergies, intolerances, habits, and places, in a long-lived local memory file. While storage is disclosed, there is no clear consent flow, retention policy, minimization guidance, or warning that these preferences can reveal health-related and behavioral information, creating a meaningful privacy risk.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger phrases are broad, natural-language patterns that can easily match ordinary conversation without a clear invocation boundary. That creates a risk of unintended activation, causing the skill to process and store food, restaurant, or planning data when the user did not explicitly intend to use the skill.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill specifies that allergy or food-avoidance information will be stored permanently, but it provides no warning, consent flow, or retention controls for this sensitive health-adjacent data. If collected silently or retained indefinitely, this can expose highly personal information and create privacy, compliance, and user-safety risks.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The pipelines repeatedly instruct the system to store meal, product, and recipe information, yet there is no disclosure of retention behavior or user control over persistence. In a food-tracking skill, this can accumulate detailed lifestyle and dietary history over time, increasing privacy exposure if users are unaware their data is being retained.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal