Apple Health CSV

Security checks across malware telemetry and agentic risk

Overview

This skill locally reads user-selected Apple Health CSV files and does not show evidence of network sharing, credential use, persistence, or destructive behavior.

Install only if you are comfortable letting the agent read and summarize the Apple Health CSV files you place in the configured data directory. Keep that directory scoped to the exports you want analyzed, and review generated summaries before sharing them because they may contain private medical or wellness information.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 93% confidence
Finding: The skill documentation instructs use of environment variables and local file paths, and the analyzer detected env, file_read, and file_write capabilities, but no explicit permissions are declared. Even for a local-only health skill, undeclared access to sensitive health CSVs and workspace files weakens transparency and permission scoping, increasing the risk of overbroad data access or accidental modification of private data.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal