Back to skill

Security audit

Knitify Health Chatbot

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Knitify health-research API wrapper, but users should understand that health questions and signup emails are sent to Knitify’s service.

Install this only if you are comfortable sending your research questions, product URLs, and signup email to Knitify. Avoid including unnecessary personal identifiers or highly sensitive medical details in prompts, keep the API key in OpenClaw config rather than chat, and rotate the key if it is exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The instruction to invoke research tools for essentially any health/science-related question creates an overly broad trigger surface. This can cause unnecessary transmission of sensitive medical, wellness, pet health, or drug-related user queries to a remote third-party service without clear, context-specific consent. Because health information is sensitive, broad automatic escalation to external APIs increases privacy and compliance risk.

Vague Triggers

Medium
Confidence
91% confidence
Finding
Forcing a proactive signup check and offering account creation on the first interaction regardless of user intent is unsafe workflow design. It pressures collection of personal data and redirects the conversation into an external onboarding flow even when the user did not request signup, increasing the risk of unwanted data sharing and deceptive consent. In a health chatbot context, this can also create undue trust and vendor lock-in before the user understands where their data is going.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The signup flow asks for an email address and transmits it to an external service, but the description and workflow do not present a prominent, explicit privacy warning at the point of collection. This undermines informed consent and can lead users to disclose personal information without realizing it is leaving the local assistant environment. In a health-adjacent skill, inadequate disclosure about third-party data sharing is especially problematic because users may already be primed to share sensitive context.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
This script sends user-supplied email addresses and free-form research queries to an external API service, but the file shows no consent, notice, minimization, or validation controls before transmission. In a health-focused chatbot context, those inputs may contain sensitive medical or personal information, making undisclosed third-party transmission a meaningful privacy and compliance risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.