ClawHub

Daily Calorie Balance

Security checks across malware telemetry and agentic risk

Overview

This skill processes private diet and activity data and can automatically send it to a fixed QQ account, so it should be reviewed before installation.

Install only if you recognize and control the QQ recipient ID and are comfortable sending daily food and Garmin calorie summaries there. Before enabling cron, change the script to use your own configured recipient or avoid --auto mode; also confirm the Garmin region setting matches your account.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Tp4

High
Category
MCP Tool Poisoning
Confidence
89% confidence
Finding
The skill behavior includes proactively sending health-related summaries to a fixed qqbot recipient, which is more sensitive than the top-level description makes clear and can disclose personal health data to an external channel without sufficiently explicit consent. Hard-coding a destination and relying on external cron setup also creates a transparency and control problem: users may not realize where their data is being sent or how automation is actually enabled.

Vague Triggers

Medium
Confidence
75% confidence
Finding
The manual triggers are broad everyday phrases, so the skill may activate during ordinary conversation and fetch or send sensitive calorie and health summaries unintentionally. In a health-tracking context, accidental invocation can expose private information or trigger outbound notifications without the user's clear intent in that moment.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill handles health-related intake and expenditure data, then proactively sends summaries to an external chat channel on a schedule, but the description does not prominently warn users about this outbound disclosure. That lack of upfront notice undermines informed consent and increases the chance of privacy leaks, especially if the configured channel or recipient is shared or incorrect.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
In auto mode, the script sends a health-related summary to a hard-coded QQ recipient without any runtime confirmation, recipient validation, or visible opt-in in this code path. Because the message contains personal diet and activity data, this creates a privacy and unauthorized disclosure risk if the skill is triggered unexpectedly, misconfigured, or reused in another environment.

Natural-Language Policy Violations

Medium
Confidence
84% confidence
Finding
The code unconditionally configures the Garmin client to use the China-specific domain, which can route authentication and health-data access through a region the user did not choose. This is primarily a privacy, compliance, and account-integrity concern rather than direct code execution, but it becomes more sensitive because the skill processes personal health information.

VirusTotal

No VirusTotal findings

View on VirusTotal