Peloton Stats

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it logs into Peloton to show recent cycling stats, but it requires handling Peloton account credentials.

Install only if you are comfortable giving this agent access to your Peloton account and having recent workout stats printed in the conversation. Prefer the OpenClaw credential flow, keep the auth profile protected, and rotate the Peloton password if this environment is later shared or untrusted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 79%
Finding
The skill silently reads sensitive local credentials from environment variables and a local auth profile, which expands its data-access capability beyond a simple user-visible stats formatter. In an agent setting, undisclosed credential access is dangerous because users may not realize the skill will automatically consume secrets already present on the host.

Missing User Warnings

Medium
Confidence: 94%
Finding
The setup instructions tell users to place a Peloton password in configuration and even show editing a local JSON file containing plaintext credentials, without warning about sensitivity, file permissions, or safer alternatives. Storing account passwords in plaintext materially increases the risk of credential theft from local compromise, backups, logs, shell history, or accidental sharing.

Missing User Warnings

Medium
Confidence: 84%
Finding
The script accesses stored secrets without an explicit user-facing disclosure or runtime confirmation before use. In the context of an agent skill, this reduces transparency and can surprise users who invoke a stats feature without realizing it will pull credentials from the environment or a local profile automatically.

VirusTotal

64/64 vendors flagged this skill as clean.