ClawHub

AI Running Coach

Security checks across malware telemetry and agentic risk

Overview

The skill is not malicious, but its running plans and race nutrition guidance contain concrete safety and accuracy issues users should review before relying on it.

Install only if you treat it as a draft running-coach helper, not authoritative medical or training advice. Double-check generated mileage, paces, and nutrition plans with a qualified coach or clinician, especially if you have injury history, cardiovascular issues, diabetes, GI problems, electrolyte concerns, or caffeine sensitivity. Avoid uploading route files that reveal sensitive locations unless needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The documented weekly mileage ranges are grossly inconsistent with the per-day distances shown in the tables. In a running-coach skill, this can mislead users about appropriate training load, potentially causing unsafe overtraining, poor planning, or loss of trust in the training guidance.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The content gives prescriptive race-day fueling advice, including energy gel frequency, salt tablets, and optional caffeine gels, but does not clearly warn users to test these in training, account for gastrointestinal tolerance, stimulant sensitivity, hydration needs, or relevant medical conditions. In a running-coach skill, users may follow this guidance directly during a marathon, which can lead to GI distress, dehydration, overhydration, palpitations, or other avoidable health issues.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal