Calorie Lookup

Security checks across malware telemetry and agentic risk

Overview

This nutrition lookup skill is coherent and purpose-aligned, with expected API lookups, optional model-based translation/photo recognition, and local caching disclosed across its artifacts.

Install only if you are comfortable providing Spoonacular or USDA API keys and having meal descriptions or food photos processed by the configured nutrition APIs and model/sub-agent workflow. Avoid uploading sensitive images, and adjust or clear CALORIE_SKILL_CACHE_DB if you do not want local meal-query history retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Tp4

High
Category
MCP Tool Poisoning
Confidence
81% confidence
Finding
The file presents capabilities that do not cleanly match the documented implementation, including claiming image recognition without visible image-handling logic and omitting material behaviors like local SQLite caching and translation pathways. This kind of mismatch is dangerous because users and reviewers may make trust decisions based on incomplete or inaccurate documentation, which can hide data handling, persistence, or unexpected processing paths.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The guide introduces mandatory Decomposer and image-recognizer sub-agents plus LLM-based translation/recognition that are not disclosed in the skill metadata. This is a supply-chain transparency issue: users and integrators may believe the skill only performs API nutrition lookup, while their inputs or images are actually routed to additional model-driven components, changing the data flow and trust boundary.

Natural-Language Policy Violations

Medium
Confidence
88% confidence
Finding
Forcing all non-English input through an LLM decomposer/translation path without user consent can expose potentially sensitive dietary, health, or personal context to an additional processing component. It also removes user control over whether their language input is transformed or sent to third-party model services, which is a meaningful privacy and policy risk in a consumer nutrition skill.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README advertises photo-based recognition and third-party API-backed nutrition lookup, but it does not clearly disclose that user-provided food photos and descriptions may be transmitted to external providers. This creates a real privacy and informed-consent issue because users may unknowingly send personal or sensitive dietary data to Spoonacular, USDA, or multimodal model providers.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The workflow routes user food photos to a multimodal sub-agent/LLM without any explicit notice, consent step, or data-handling disclosure. Images often contain sensitive incidental data (faces, locations, receipts, surroundings), so silent transmission to an LLM increases privacy risk and may violate user expectations or policy requirements.

VirusTotal

64/64 vendors flagged this skill as clean.
