Security audit

Energy Tracker

Security checks across malware telemetry and agentic risk

Overview

This skill is not malware, but it should be reviewed carefully because it stores sensitive wellbeing history and gives mental-health-like guidance without clear consent or deletion controls.

Install only if you are comfortable with an agent asking recurring mental-energy questions and saving the answers locally in plaintext. Before use, decide where the data file should live, how to delete it, whether chart files are acceptable, whether the agent may use memory for personalization, and whether any hotline lookup should require your explicit confirmation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (12)

Lp3

Medium
Category
MCP Least Privilege
Confidence
82% confidence
Finding
The skill instructs reading and operating on local files such as `./energy_data.json` and reference resources, but does not declare corresponding permissions. This creates a transparency and control gap: the agent may access or manipulate user data without explicit capability disclosure, which is especially sensitive here because the file contains mental-health related history.

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
The declared purpose emphasizes daily energy tracking, but the documented behavior expands into trend chart generation, intervention detection, and external hotline lookup. This mismatch matters because users and policy layers may authorize a simple check-in skill while the skill actually performs broader profiling and potentially external information retrieval on sensitive psychological-state data.

Context-Inappropriate Capability

Medium
Confidence
80% confidence
Finding
The skill directs the agent to search for local psychological assistance hotlines for users outside mainland China, introducing external retrieval beyond simple energy tracking. In a sensitive mental-health context, this can cause unreviewed network access, inaccurate or unsafe recommendations, and unintended disclosure of user region or crisis state to external services.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The script goes beyond simple mood/energy trend reporting and generates quasi-diagnostic mental health conclusions such as possible depression or burnout, plus medical-style intervention advice. In an agent skill meant for routine tracking, this can mislead users into over-trusting non-clinical output, especially because the conclusions are inferred from a very small and simplistic signal set (A/B/C answers).

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
This logic effectively performs lightweight mental-health triage despite the skill being positioned as an energy tracker. That mismatch increases risk because downstream agents or users may rely on the skill in contexts where safety guardrails, consent, escalation handling, and clinical review are absent.

Vague Triggers

Medium
Confidence
77% confidence
Finding
The trigger condition allows proactive inquiry whenever the agent 'needs' to record the user's energy status, without precise guardrails such as user opt-in, timing limits, or context checks. Because the subject is psychological state, overly broad activation can become privacy-invasive, manipulative, or distressing if the agent initiates sensitive check-ins unexpectedly.

Missing User Warnings

High
Confidence
95% confidence
Finding
The skill persists daily psychological-state responses to `./energy_data.json` without any explicit user-facing notice, retention policy, or consent step. Storing longitudinal mental-health-adjacent data is highly sensitive; undisclosed retention increases privacy risk, secondary misuse risk, and harm if the file is later accessed by other tools or users in the same environment.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill automatically executes local scripts after recording data and after 7+ days of history, but does not clearly tell the user that code will run on their stored data. In this context, silent automation increases opacity around how sensitive data is processed, and local script execution can have broader side effects if the scripts are modified or behave unexpectedly.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger list is broad and includes generic phrases like '能量状态', 'energy status', and 'mental energy', which can cause the skill to activate in contexts where the user is discussing wellbeing rather than explicitly requesting this tool. In a public skill that touches mental-health-adjacent data, unintended activation increases the chance of unsolicited prompting and unnecessary collection or interpretation of sensitive personal information.

Natural-Language Policy Violations

Medium
Confidence
91% confidence
Finding
The description says the AI agent 'proactively collects daily energy status,' which implies the system may initiate monitoring or prompting without clear user opt-in. For a lifestyle tool handling potentially sensitive wellness data, this creates consent and privacy risks, especially if users have not explicitly requested ongoing tracking.

Natural-Language Policy Violations

Medium
Confidence
93% confidence
Finding
The manifest claims the skill can 'identify psychological patterns' and provide 'professional suggestions' without any qualification, limitation, or safety framing. In the context of mental-health-adjacent analysis, this can mislead users into treating the output as professional psychological advice, raising the risk of harmful self-assessment or inappropriate reliance on an unqualified system.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The document explicitly instructs creating, appending to, and rewriting `./energy_data.json` in the user's working directory, including code that opens the file in write mode and replaces its contents. While this appears intended for normal persistence rather than abuse, it still creates a real risk of unintended overwrite or data loss if an agent follows the guidance without confirming scope, merge behavior, or backup expectations.

VirusTotal

65/65 vendors flagged this skill as clean.
