Sleep Tracker

Security checks across malware telemetry and agentic risk

Overview

This local sleep tracker is not malicious, but it stores sleep and health notes in local files that its documentation does not clearly disclose, and its reset/deletion behavior is misleading.

Review the implementation before installing. Use it only on a private machine and avoid entering sensitive medical or personal notes. For the generic tracker, set SLEEP_TRACKER_DIR to a directory that only your user can read. If you use the journal feature, check /tmp/sleep_journal.txt yourself (who owns it, who can read it, what it contains) and delete it manually when you are done. Do not rely on the reset command to erase records unless the implementation is fixed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
The manifest frames the skill as sleep-focused, while the body documents a general health and wellness tracker. This semantic mismatch undermines informed consent and trustworthy capability disclosure, increasing the risk that users or orchestrators enable the skill under false assumptions about what data it handles.

Intent-Code Divergence

Medium
Confidence: 93%
Finding
The manifest promises sleep analysis, improvement advice, schedule planning, environment optimization, and nap guidance, but the commands only implement generic logging and simple tracking. Overstated claims about analysis and advice can cause unsafe reliance on nonexistent features and conceal the actual persistence/export behavior of the tool.

Missing User Warnings

Medium
Confidence: 87%
Finding
The skill supports exporting accumulated health-related logs to stdout but does not provide an explicit privacy warning or guidance about sensitive data handling. Because entries may contain personal health information, easy export increases the risk of accidental disclosure through terminal history, redirection, shared sessions, or downstream tooling.

Missing User Warnings

Medium
Confidence: 92%
Finding
The journal command appends user-provided sleep data and free-form notes to a predictable file in /tmp (/tmp/sleep_journal.txt). On many systems /tmp is a shared, world-writable location, so the file may be readable or discoverable by other local users or processes, and a fixed name there is also easy to pre-create or symlink. Because the script does not clearly warn users that personal health-related data will be stored locally, it creates a privacy risk and can expose sensitive behavioral or medical-adjacent information.
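The following is an added example written for this page, not the skill's own code and not NVIDIA's. It puts the pattern this finding describes (a fixed-name journal appended in the shared temp directory) beside a hardened version that follows the overview's advice: honour SLEEP_TRACKER_DIR, keep the directory 0700 and the file 0600, refuse symlinks and foreign-owned files, and implement a reset that actually removes the records. The names sleep_journal.txt and SLEEP_TRACKER_DIR come from the report; the function names, the ~/.sleep_tracker fallback, the audit checks and the sample entry are assumptions of this example. POSIX only (it relies on os.O_NOFOLLOW and file ownership).

```python
import os
import stat
import tempfile
from pathlib import Path
from typing import Optional

# Path named in the report: a fixed file name in the shared temp directory.
SHARED_TMP_JOURNAL = Path(tempfile.gettempdir()) / "sleep_journal.txt"
JOURNAL_NAME = "sleep_journal.txt"


def journal_unsafe(entry: str, path: Path = SHARED_TMP_JOURNAL) -> None:
    """The pattern the finding criticises (illustrative, not the skill's code):
    predictable name in a world-writable directory, default umask, follows
    symlinks, appends without telling the user where the data goes."""
    with open(path, "a") as f:
        f.write(entry + "\n")


def private_dir() -> Path:
    """Resolve the journal directory: $SLEEP_TRACKER_DIR if set, otherwise
    ~/.sleep_tracker (an assumed default). Create it 0700 and refuse to use it
    if it is a symlink, owned by someone else, or group/world accessible."""
    base = os.environ.get("SLEEP_TRACKER_DIR") or os.path.join(
        os.path.expanduser("~"), ".sleep_tracker")
    d = Path(base)
    d.mkdir(mode=0o700, parents=True, exist_ok=True)
    st = d.lstat()
    if stat.S_ISLNK(st.st_mode) or st.st_uid != os.geteuid() or (st.st_mode & 0o077):
        raise PermissionError(f"{d}: symlink, foreign owner, or accessible to others")
    return d


def journal_safe(entry: str, directory: Optional[Path] = None) -> Path:
    """Append to a 0600 regular file we own, without following symlinks."""
    d = directory or private_dir()
    path = d / JOURNAL_NAME
    flags = os.O_WRONLY | os.O_APPEND | os.O_CREAT | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)  # the mode applies only when the file is created
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode) or st.st_uid != os.geteuid():
            raise PermissionError(f"{path}: not a regular file owned by this user")
        os.fchmod(fd, 0o600)  # tighten a pre-existing file as well
        os.write(fd, (entry + "\n").encode())
    finally:
        os.close(fd)
    return path


def reset(directory: Path) -> bool:
    """A reset that really removes the journal: overwrite, then unlink.
    Returns True if a journal existed and is now gone, False if there was none.
    The overwrite is best effort; CoW or journaling filesystems may keep old blocks."""
    path = directory / JOURNAL_NAME
    try:
        size = path.lstat().st_size
    except FileNotFoundError:
        return False
    with open(path, "r+b") as f:
        f.write(b"\0" * size)
        f.flush()
        os.fsync(f.fileno())
    path.unlink()
    return not path.exists()


def audit(path: Path) -> dict:
    """What a user should check on a journal file before deciding to delete it."""
    try:
        st = path.lstat()
    except FileNotFoundError:
        return {"exists": False}
    parent = path.parent.stat()
    return {
        "exists": True,
        "mode": st.st_mode & 0o777,
        "is_symlink": stat.S_ISLNK(st.st_mode),
        "owned_by_me": st.st_uid == os.geteuid(),
        "others_can_read": bool(st.st_mode & 0o044),
        "parent_world_writable": bool(parent.st_mode & stat.S_IWOTH),
        "size_bytes": st.st_size,
    }


def demo() -> dict:
    """Run the hardened path end to end in a throwaway directory."""
    work = Path(tempfile.mkdtemp(prefix="sleep_tracker_demo_"))
    os.environ["SLEEP_TRACKER_DIR"] = str(work / "private")
    d = private_dir()
    # Constructed sample entry; nothing here comes from a real user.
    path = journal_safe("2024-03-01 23:10-06:40 woke twice, note: travel day")
    return {
        "dir_mode": d.stat().st_mode & 0o777,
        "before": audit(path),
        "first_reset": reset(d),
        "second_reset": reset(d),
        "after": audit(path),
    }


if __name__ == "__main__":
    print(demo())
```

Running `audit(SHARED_TMP_JOURNAL)` on a machine where the journal feature has been used shows exactly what the finding warns about: on Linux the parent is world-writable and, with a default umask, `others_can_read` is True. The hardened writer uses O_NOFOLLOW and an ownership check because a fixed name in a shared directory can be pre-created or symlinked by another local user before the tracker runs; moving to a private directory removes that exposure, and the checks stay as defence in depth.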

VirusTotal

None of 64 VirusTotal vendors flagged this skill; all 64 reported it clean. A clean antivirus verdict only means no known-malware signature matched; it says nothing about the data-handling and disclosure issues in the findings above.