ClawHub

ovulation-tracking

Security checks across malware telemetry and agentic risk

Overview

This fertility-tracking skill appears mostly aligned with its purpose, but it handles very sensitive reproductive data while making inaccurate local-only privacy claims and supporting external email/API sharing without enough safeguards.

Review this carefully before installing. Use it only if you are comfortable storing fertility, symptom, and cycle history locally and configuring Oura/email credentials. Treat partner alerts as sensitive reproductive-health disclosure: verify recipients, disable or redact alerts unless explicitly wanted, and do not rely on the local-only/no-cloud claims when Oura, email, Telegram, or other integrations are enabled.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (24)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill documentation and examples indicate network use and credential handling even though no permissions are declared. That creates a transparency and consent problem: users may install a health-related skill believing it is more constrained than it is, while it can still make outbound requests and access sensitive tokens. In a fertility tracker context, undeclared network capability is especially sensitive because it may involve intimate health data and partner contact details.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The stated purpose is fertility prediction, but the documented behavior also includes emailing a partner, reading credentials from config or token files, and persisting reproductive-health history locally. This is a significant behavior gap because users may not expect secondary data-sharing, credential access, or long-term storage of highly sensitive health information when installing the skill. In a reproductive-health setting, such undisclosed behaviors materially increase privacy and safety risk.

Description-Behavior Mismatch

Medium
Confidence
84% confidence
Finding
The manifest omits partner coordination while the README says the skill may send partner alerts and coordination emails about fertility events. For a reproductive-health skill, undisclosed third-party notification behavior is security- and privacy-relevant because users may not realize sensitive cycle data will be shared externally.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The README claims all analysis is local and that cycle data never leaves user control, yet elsewhere documents external APIs and email notifications. This is dangerous because it can mislead users into sharing highly sensitive reproductive-health data under false privacy assumptions, undermining informed consent and potentially exposing data to third parties.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The privacy section claims data never leaves the machine, but elsewhere the skill describes Oura API integration and automatic partner email alerts. This is a direct contradiction that can mislead users into making unsafe privacy decisions about extremely sensitive fertility data. False privacy assurances are particularly dangerous in health software because users may disclose data they would not share if the real flows were explained.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The file simultaneously promises no off-device data transfer while documenting partner emails and external API usage. That inconsistency is a real privacy vulnerability because it undermines informed consent and may cause users to expose health and relationship data under false assumptions. Given the sensitivity of ovulation, cycle, and symptom data, misleading privacy statements materially elevate harm potential.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The example configuration includes outbound email notification capability and asks for Gmail credentials, which introduces unnecessary sensitive-data handling for a fertility-tracking skill. In this context, the data being processed is intimate health information, so partner notifications and embedded credential fields increase privacy, leakage, and misuse risk beyond the core purpose unless clearly justified and strongly secured.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The skill accepts a config value that can reference arbitrary local files and reads them directly into memory as a bearer token. In an agent environment, this creates a local file read primitive that could expose secrets unrelated to the skill's purpose if an attacker can influence configuration, making this especially dangerous because the skill already handles sensitive health data and external network access.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The changelog advertises automated partner email alerts with fertility timing guidance but provides no warning about consent, privacy, or the sensitivity of reproductive health data being shared. In a fertility-tracking context, this is especially sensitive because disclosures about ovulation status, test results, and timing plans can expose intimate medical and relationship information to third parties if enabled unintentionally or misconfigured.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The changelog references Oura token management and external email/telegram integrations without any guidance on secure credential handling, storage, or privacy implications. Because this skill processes highly sensitive fertility and health data, weak documentation around tokens and third-party integrations increases the risk of accidental credential exposure, overbroad data sharing, or insecure deployment practices.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README promotes partner email alerts about fertility timing without clearly warning that email is an insecure or less-controlled channel for sensitive health information. Because the content concerns ovulation and trying-to-conceive activity, accidental disclosure could expose intimate medical and relationship information to unintended recipients or mail providers.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The setup requests an Oura token plus personal and partner identity/contact details without prominently warning that these are sensitive credentials and reproductive-health data. Users may store secrets insecurely or over-share configuration data, increasing the risk of account compromise, sensitive data leakage, or unintended partner disclosure.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README says the agent will automatically begin monitoring and perform partner coordination actions around sensitive cycle events, but it does not foreground that automation may trigger on intimate health milestones. In this context, silent or poorly disclosed automation increases the chance of unexpected disclosures and user harm from actions they did not fully anticipate.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
Automatic partner alerts disclose fertility-related events and timing to another person, but the documentation does not prominently warn users that intimate health information will be shared externally. In this context, even intended sharing can create safety, coercion, or relationship risks if enabled without clear informed consent. The danger is amplified because the content concerns reproductive status, which is highly sensitive personal data.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The configuration example asks for an Oura token and partner email while handling fertility data, but it provides no warning about secure storage of credentials or the sensitivity of the associated health information. Users may place tokens and personal details into plaintext files without understanding the exposure risk. In a local automation environment, that can lead to accidental leakage through backups, source control, or shared machines.

Missing User Warnings

High
Confidence
96% confidence
Finding
The privacy claims omit and contradict documented external data flows, including email alerts and Oura integration. This is more than poor wording: it can cause users to rely on inaccurate assurances when deciding whether to process highly sensitive fertility data with the skill. Misrepresentation of data handling in a health context creates substantial privacy and trust risk.

Vague Triggers

Low
Confidence
75% confidence
Finding
The option `oysterProtocol` is ambiguous and enabled without any explanation of what behavior it activates, making it difficult for users or reviewers to assess its effects. In a health-related skill, unexplained trigger-like settings are risky because they can conceal unexpected processing, alerting, or data-sharing behavior tied to sensitive fertility signals.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The code sends authenticated requests containing sensitive health-related context to a third-party API without any visible consent, notice, or minimization controls. While contacting Oura is expected for this skill, the lack of explicit disclosure and safeguards increases privacy risk if users are unaware of what data is being accessed and processed.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill emails intimate fertility information, including LH surge timing, fertile window, and sexual activity recommendations, without any confirmation step or channel-safety checks. Email is often insecure or accessible by others, so automatic transmission of this category of health data can cause serious privacy harm, embarrassment, or unintended disclosure.

Missing User Warnings

High
Confidence
97% confidence
Finding
The Oyster alert sends sensitive physiological indicators and inferred health status by email without explicit prior consent or just-in-time warning. Because the skill operates in a reproductive-health context, combining illness/stress inferences with fertility tracking increases sensitivity and the potential harm from disclosure.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README instructs users to place highly sensitive reproductive-health data and partner contact details into a local configuration, and it enables email alerts, but it does not clearly warn users about privacy exposure, recipient risk, or secrets handling. In a fertility-tracking context, this data is especially sensitive, and alerting or misconfiguration could disclose intimate health information to unintended recipients or through insecure local storage, backups, logs, or shared devices.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This code persists highly sensitive reproductive health data, including fertility signals, symptoms, cycle history, and inferred ovulation timing, to local JSON files without any evident user consent flow, disclosure, minimization, or protection controls. In the context of a fertility-tracking skill, this is especially sensitive because unauthorized local access, backups, logs, or shared environments could expose intimate medical and relationship-related information.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This file implements health-related fertility and ovulation prediction logic and presents it as improving accuracy, but it contains no visible cautionary handling, uncertainty messaging, or limitation notice. In a fertility-tracking context, users may rely on these outputs for conception or pregnancy-avoidance decisions, so overconfident or unqualified predictions can cause real-world harm even without traditional code-execution risk.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The module exposes highly sensitive reproductive health data through exportPattern() and importPattern() with no access control, consent flow, minimization, or warning to callers. In a fertility-tracking context, cycle history and inferred ovulation patterns are privacy-sensitive data that could be unintentionally persisted, transferred, or loaded from untrusted sources, increasing risk of confidentiality loss and unsafe state manipulation.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal