Health Auto Log

Security checks across malware telemetry and agentic risk

Overview

This skill has a coherent health-logging purpose, but it can turn ambiguous chat numbers into sensitive health records in AX3 without clear opt-in or confirmation.

Install only if you intentionally want AX3 health auto-logging. Before use, remove or confirm bare-number entries, require explicit health keywords or units, and make sure users understand that detected measurements will be sent to AX3 and stored there.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill instructs the agent to invoke a shell command (`python3 scripts/record_health_data.py ...`) but does not declare corresponding permissions. Undeclared execution capability reduces transparency and weakens policy enforcement, making it easier for a skill to run code paths reviewers or runtime controls may not expect.

Vague Triggers

High
Confidence
96% confidence
Finding
The trigger description says to use the skill for messages containing health keywords or plain numeric values that could be weight measurements, which is far too broad. In a messaging context, many ordinary messages contain numbers, so the skill could activate unexpectedly and send sensitive health data interpretations to AX3 without clear user intent.

Vague Triggers

High
Confidence
98% confidence
Finding
The examples explicitly list a bare number like `69.8` as sufficient to trigger health logging. This creates ambiguous activation where unrelated numeric content may be misclassified as weight and recorded as sensitive medical/wellness data, increasing privacy and integrity risks.

Vague Triggers

High
Confidence
98% confidence
Finding
Accepting plain numbers as valid weight input means the parser may treat any standalone numeric message as health data. In a WhatsApp-style workflow this can lead to accidental logging of unrelated numbers, polluting records and disclosing inferred health information to an external service.

Missing User Warnings

High
Confidence
97% confidence
Finding
This skill processes highly sensitive health information from private messages and records it to an external AX3 system, yet the description provides no upfront privacy notice, consent requirement, or transmission warning. Because health data is especially sensitive, silent forwarding from chat content materially increases privacy, compliance, and user-expectation risks.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The script automatically sends sensitive health data to an external AX3 service once patterns are detected, without any explicit consent, confirmation, or visible warning in the flow. In a messaging context, this can cause unintended disclosure or persistence of medical/exercise information from ambiguous text, making the privacy risk materially higher.

VirusTotal

64/64 vendors flagged this skill as clean.
