Skill

Security checks across malware telemetry and agentic risk

Overview

This nutrition skill matches its stated purpose, but it persistently stores sensitive diet and health details and adds proactive behavior with too little user-facing control.

Install only if you are comfortable with persistent storage of meals, calorie goals, allergies, preferences, meal times, and health-related notes. Review MEMORY.md and HEARTBEAT.md after setup, decline reminders you do not want, disable cron jobs you no longer need, and verify the external nutrition-cli pip package before relying on it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
The onboarding directs the agent to create cron-based proactive reminder jobs, which introduce persistent, scheduled behavior beyond a simple on-demand nutrition logging workflow. Even though the reminders are user-facing and arguably related to nutrition, scheduled execution increases the skill's authority and persistence, creating a larger attack surface and behavior not clearly disclosed in the skill metadata.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The skill appends data to shared MEMORY.md and HEARTBEAT.md to establish persistent state and integration behavior, but this persistence is not clearly surfaced to the user as a storage/integration action. Modifying shared memory and heartbeat files can affect behavior outside the immediate interaction, making the skill more stateful and potentially enabling unwanted cross-session or cross-skill influence.

Context-Inappropriate Capability

Medium
Confidence: 86%
Finding
The skill creates persistent scheduled cron jobs that can proactively message or act in a dedicated session, extending behavior beyond a simple on-demand nutrition lookup. Even though reminders are related to nutrition, background automation increases the attack surface, can surprise users, and may continue operating after the original interaction unless tightly consented and scoped.

Context-Inappropriate Capability

High
Confidence: 96%
Finding
The skill instructs storing health conditions, fitness goals, and medications in persistent memory, which is sensitive personal data and exceeds what is necessary for basic meal logging. Silent retention of this information creates privacy and compliance risk, especially because users may not realize it is being durably recorded for future use.

Missing User Warnings

Medium
Confidence: 97%
Finding
The onboarding instructs the agent to write and append user profile data to persistent memory without any user-facing warning that personal nutrition preferences, dietary restrictions, meal timing, and setup metadata will be stored. This is especially sensitive in a health-related context, where users may not expect durable storage of potentially private health and lifestyle information.

Vague Triggers

High
Confidence: 97%
Finding
The trigger definition is overly broad because it activates on casual food mentions and directs the agent to always offer logging. This can cause unintended invocation, unnecessary data collection, and accidental transition from normal conversation into tracking behavior without a clear user request.

Vague Triggers

High
Confidence: 95%
Finding
The meal-logging section repeats vague triggers like 'I had X' and includes a catch-all for any food mentioned in passing, making it easy for ordinary chat to be interpreted as a logging event. In a skill that stores behavior over time, this broad activation materially increases the chance of collecting personal consumption data without meaningful consent.

Missing User Warnings

High
Confidence: 99%
Finding
The skill explicitly says to write silently and persist preferences, calorie patterns, health context, and inferred behavior to memory without announcing updates or obtaining confirmation at write time. This is dangerous because it normalizes covert collection of sensitive lifestyle and health-adjacent data, reducing user awareness and control over long-term profiling.

VirusTotal

66/66 vendors flagged this skill as clean.
