Security audit

Health Copilot: Eating, Sleep, and Exercise Tracking

Security checks across malware telemetry and agentic risk

Overview

This health tracker does what it says, but it can store and rewrite sensitive health records in Feishu/Lark without clear approval steps.

Install only if you intentionally want meal, sleep, recovery, workout, weekly, and monthly health data stored in Feishu/Lark. Use a dedicated Feishu base with limited sharing, keep the base token scoped as narrowly as possible, run available dry-run commands first, and require the agent to show the exact fields and target table before allowing any upsert, rebuild, backfill, bootstrap, or dashboard refresh.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill advertises or implies operational capabilities such as file access and shell/script execution, but does not declare permissions or provide clear constraints. This creates a transparency and governance gap: users and platform controls may not realize the skill can run local scripts that read configuration or manipulate data, increasing the risk of unintended execution paths and unauthorized access.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README advertises automated persistence of highly sensitive health data to Feishu/Lark but does not warn users that meal photos, sleep metrics, recovery signals, and workout data may be transmitted to and stored in a third-party platform. In a health-tracking context, this omission is dangerous because users may unknowingly expose regulated or highly personal data, and operators may deploy the skill without implementing consent, retention, or access controls.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The quick-start workflow instructs users to bootstrap tables and generate reports/dashboards that modify remote Feishu resources, but it does not clearly warn that these commands create or refresh external data structures. This can lead to unintended remote writes, overbroad sharing, accidental disclosure of health records through dashboards, and irreversible changes in a production workspace.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill description promotes automated persistence of sensitive personal health data to Feishu without a prominent warning or consent mechanism. Because health-related data is highly sensitive, silently or implicitly sending it to external storage can cause privacy violations, regulatory issues, and user harm if data is persisted unexpectedly.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The workflow instructs the agent to analyze and then persist extracted health information as a standard step, but does not require explicit user approval at the moment of write. In a health-tracking context, automatic persistence magnifies the risk because screenshots and meal/workout logs can contain intimate behavioral and biometric data.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly instructs persistence of workout and health-related data into Feishu via `lark-cli base +record-upsert` but does not require any user notice, confirmation, or consent step before external logging. Because the data concerns exercise and recovery, the sensitivity of the information raises the privacy risk: an agent could automatically exfiltrate personal health data to a third-party workspace without the user clearly understanding that persistence will occur.

Natural-Language Policy Violations

Medium
Confidence
79% confidence
Finding
Requiring English-only internal schema fields without user choice or policy explanation can cause silent field mapping errors, misclassification, and reduced transparency for non-English users. In a health-tracking context, incorrect mapping of workout type, calories, or load can corrupt records while making it harder for users to understand what is being stored about them.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
scripts/bootstrap_health_tables.js:294

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
scripts/build_monthly_dashboard.js:54