Security audit

Daily Fitness

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed daily workout generator with optional scheduled push reminders, and the reviewed scripts do not show hidden network access, credential use, or destructive behavior.

Install only if you are comfortable with optional scheduled reminders. Do not enable push unless you intend the platform to create morning and evening scheduled runs to the selected channel; use the documented off command to remove them. Review the generated HTML before opening it if third-party ad content is later added to the placeholder slots.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Description-Behavior Mismatch

Medium

Confidence: 95% confidence
Finding: The skill is presented as a local workout generator, but it also documents commands to enable and manage outbound push notifications to external channels such as Telegram, Feishu, Slack, and Discord. This expands the skill's capabilities beyond its stated purpose and could enable unsolicited messaging or covert user-targeted outreach without clear consent, making the hidden functionality risky in context.

Context-Inappropriate Capability

Medium

Confidence: 93% confidence
Finding: Scheduling twice-daily pushes and selecting delivery channels is not necessary to generate a daily workout HTML artifact, so the feature is unjustified by the declared purpose. Unnecessary notification controls increase the risk of abuse for spam, social engineering, or unapproved data flows to third-party platforms.

Description-Behavior Mismatch

High

Confidence: 95% confidence
Finding: The script behavior does not match the declared fitness-skill purpose: it emits a Chinese prompt for vocabulary-themed content rather than a workout reminder/workout flow. This kind of semantic mismatch is dangerous because it can indicate a swapped, repurposed, or supply-chain-tampered skill component, causing the agent to produce unrelated content and undermining trust in what the skill actually does.

Missing User Warnings

Medium

Confidence: 76% confidence
Finding: The skill instructs writing an HTML file to a user-data output path without clearly disclosing this side effect to the user. While output generation is expected for a visual artifact, undisclosed file writes can still surprise users, complicate auditing, and normalize hidden persistence behavior in skill execution.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.