AI Weight-Loss Companion (AI陪伴减肥)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a genuine weight-loss companion, but it asks for and stores sensitive health/activity data and gives supplement, fasting, and binge-response guidance without enough privacy or safety boundaries.

Install only if you are comfortable using this as a health and weight-loss tracker that stores local profile, meal, step, weight, and conversation-state data. Treat its supplement, fasting, binge-response, and menstrual-cycle guidance as non-medical coaching, and avoid relying on it for medical decisions without professional advice. Before binding any device or app, confirm what step data will be shared and how you can disconnect or delete records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill references reading from `data/user_records.json` and explicitly discusses writing/maintaining records, but there is no declared permission model or user-facing notice governing file access. In a health-focused agent, undeclared file read/write capability increases the risk of silent collection, retention, or modification of sensitive personal data.

Tp4

High
Category
MCP Tool Poisoning
Confidence
92% confidence
Finding
The declared description presents a relatively narrow step-goal companion, but the skill content expands into supplement recommendations, menstrual-cycle handling, fasting adjustments, binge-response plans, HTML rendering, and state persistence. This mismatch is dangerous because users may disclose sensitive health information or rely on medical-adjacent guidance without understanding the full functional and privacy scope of the skill.

Description-Behavior Mismatch

High
Confidence
94% confidence
Finding
The skill expands far beyond its declared purpose of converting prior-day calorie intake into step targets, adding broader health interventions and coaching logic. This creates a scope-creep risk where users may rely on the agent for quasi-medical or behavioral guidance that was neither disclosed nor bounded, increasing safety and compliance exposure.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The code introduces supplement recommendation functionality, which is materially different from a simple diet-to-steps calculator and can influence health decisions, contraindications, and medication interactions. In a weight-loss companion context, users are especially likely to treat such suggestions as authoritative, making unreviewed supplement advice risky.

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
The addition of menstrual-cycle mode, binge-recovery guidance, and sleep-based behavioral interventions materially shifts the skill into sensitive health inference and intervention. In a dieting assistant, these features can affect vulnerable users' eating and health behaviors without adequate medical safeguards, increasing the chance of harm from inappropriate recommendations.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The onboarding flow collects sensitive health data such as height, weight, age, sex, body-fat rate, and routine information without any visible consent, privacy notice, or explanation of storage/use. Because this is health-related personal data, the absence of explicit informed consent and handling disclosure materially increases privacy and misuse risk.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill encourages device/app binding so it can 'automatically read' step data, but it does not warn users about continuous synchronization, scope of access, retention, or revocation. Persistent access to wearable/phone activity data can expose detailed behavioral patterns and should not be enabled without explicit, ongoing consent.

Ssd 3

Medium
Confidence
91% confidence
Finding
The interaction templates encourage collection and retention of longitudinal health-related data such as weight, meals, and step history across days. In a dieting context this is sensitive personal data, and retaining it without clear minimization, consent, retention limits, or privacy controls increases privacy and misuse risk.

VirusTotal

65/65 vendors flagged this skill as clean.
