Back to skill

Security audit

Strong Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Strong workout API helper, but it handles sensitive account and workout data and can create share links when explicitly invoked.

Install only if you trust this skill with your Strong account. Keep STRONG_USERNAME and STRONG_PASSWORD in a trusted local environment, treat any login or refresh output as secret, and only run share_log or share_template when you intentionally want a workout or template link created.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The skill exposes capabilities beyond the stated user-facing description, including raw token retrieval and profile access. In an agent ecosystem, undocumented auth/token functionality increases the chance that a caller or downstream component can access or reuse credentials in ways the user did not explicitly intend.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The code can generate shareable links for logs and templates, but that data-sharing capability is not disclosed in the skill description. Undocumented sharing/export features are dangerous because they can transform private workout data into externally accessible resources without clear user awareness or consent.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README states the skill can be invoked automatically and requires Strong account credentials, but it does not clearly warn that using the skill will transmit potentially sensitive fitness/account data to Strong's external service. This can lead users to grant or use the skill without informed consent about third-party data exposure, especially in agent-driven automatic invocation contexts.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The invocation guidance is broad enough that the agent may activate this skill for general fitness or training-data questions, even when the user did not intend to access their Strong account. That can lead to unnecessary credential use, external API calls, and exposure of private workout data beyond user expectations.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill supports generating shareable links for workout templates and logs without an explicit warning that this action may make private workout information accessible via a link. Users may not realize that creating a link changes the data's exposure model and could disclose sensitive health or routine information if the link is forwarded or leaked.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The login command prints access and refresh tokens directly to stdout, which can expose long-lived authentication material to logs, transcripts, calling agents, or other observers. In an API/agent context, stdout is often captured or persisted, making token leakage a concrete account-compromise risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The share commands create shareable links without any explicit disclosure or confirmation that the resulting URLs may grant access to workout content outside the authenticated session. This creates a meaningful risk of unintended data disclosure, especially in an assistant workflow where users may not understand the persistence or audience of generated links.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.