Half Full

Security checks across malware telemetry and agentic risk

Overview

This eating companion mainly stores data locally, but it quietly profiles sensitive health patterns and ships with personal-looking health records.

Review before installing. Only use this skill if you are comfortable with local plaintext storage of meal, profile, weight, and Apple Health-style activity data. Clear the bundled data files before use, and avoid enabling any menstrual-cycle inference unless the publisher makes it explicit, opt-in, reviewable, and deletable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (11)

Description-Behavior Mismatch

Severity: High
Confidence: 96%
Finding
The guide materially expands a meal-photo mindful-eating skill into collection and use of Apple Health exercise and weight data, which are sensitive health categories far beyond the stated product scope. This creates a data-minimization and expectation mismatch risk: users may believe they are using a lightweight food companion while the agent processes broader health telemetry and body-weight information.

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding
The guide instructs the agent to infer menstrual-cycle status from eating behavior and weight fluctuations without explicit user request or consent. Inferring a highly sensitive health attribute from behavioral data is dangerous because it creates covert profiling and can lead to privacy harms, manipulation, or inappropriate personalization based on intimate medical-like inferences.

Context-Inappropriate Capability

Severity: Medium
Confidence: 87%
Finding
The guide instructs the agent to collect zodiac sign for personalization even though it is unrelated to the core mindful-eating function. While less sensitive than health data, it still represents unnecessary data collection and expands profiling beyond what users reasonably expect from the skill.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
The guide tells the agent to automatically parse and store Apple Health data whenever a tagged message is received, without any user-facing notice about processing, storage, or retention of sensitive health information. Automatic hidden handling of health data undermines informed consent and increases the risk of unauthorized retention, secondary use, and user surprise.

Missing User Warnings

Severity: High
Confidence: 99%
Finding
The guide explicitly directs silent storage of weight data and discourages surfacing that handling to the user. Weight is sensitive health information, and silently retaining it without transparency or consent creates a significant privacy risk and weakens user control over intimate personal data.

Natural-Language Policy Violations

Severity: Critical
Confidence: 100%
Finding
This is an impermissible sensitive-attribute inference: the guide directs the system to derive menstrual-cycle status from food and weight patterns without opt-in. The risk is heightened by the covert nature of the inference and the instruction to silently alter responses, meaning the system both profiles and acts on a sensitive health attribute without the user's knowledge.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The README explicitly asks users to provide height and weight, which are sensitive health-related data, but gives no privacy notice, retention limits, consent language, or explanation of how that data is stored or processed. In a health-adjacent meal-tracking skill, this omission increases risk of oversharing, uninformed consent, and improper handling of personal data.

Natural-Language Policy Violations

Severity: Low
Confidence: 95%
Finding
The log embeds an absolute local path (/Users/w05/...) that discloses a user-specific home directory and workstation naming information. While this is not an active exploit by itself, exposing local filesystem details in persisted or shared logs can leak sensitive environment metadata and unnecessarily increases privacy and reconnaissance risk.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The script persistently stores sensitive health data, including activity and potentially weight-related information, in local JSON files without any explicit disclosure, consent flow, retention notice, or access controls. In the context of a wellness skill handling personal health information, silent persistence increases privacy risk because other local users, processes, backups, or logs may expose data the user did not realize was being retained.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The code duplicates weight data into a separate file without a specific user-facing disclosure, increasing the privacy footprint and making complete deletion or auditing harder. Weight is especially sensitive health information, so secondary storage raises the chance of unintended exposure through local access, backups, or partial cleanup of only one file.
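The three storage findings above (an absolute home path persisted in a log, health data kept in plaintext local JSON, and weight data duplicated into a second file) can be checked mechanically before the skill is installed. The audit script below is an added example and is not code from the Half Full skill or from SkillSpector. The key names in SENSITIVE_KEYS, the directory layout, and the sample files that run_demo() builds are constructed assumptions; point audit_bundle() at a real skill directory to use it.

```python
"""Audit a skill bundle for local storage problems (added example, not the skill's code)."""
import json
import os
import re
import stat
import tempfile
from pathlib import Path

# Assumed field names for health/body data; extend for the skill being audited.
SENSITIVE_KEYS = {"weight", "height", "steps", "active_energy", "workouts", "cycle_phase"}
# Absolute home-directory paths, which a persisted log should never contain.
HOME_PATH_RE = re.compile(r"(?:/Users/|/home/|[A-Z]:\\Users\\)[^\s\"']+")
TEXT_SUFFIXES = {".log", ".txt", ".md"}


def sensitive_keys_in(obj):
    """Recursively collect keys in a parsed JSON value that name sensitive fields."""
    found = set()
    if isinstance(obj, dict):
        for key, value in obj.items():
            if key.lower() in SENSITIVE_KEYS:
                found.add(key.lower())
            found |= sensitive_keys_in(value)
    elif isinstance(obj, list):
        for item in obj:
            found |= sensitive_keys_in(item)
    return found


def audit_bundle(root):
    """Return (relative_path, issue) pairs for every problem found under root."""
    root = Path(root)
    issues = []
    holders = {}  # sensitive key -> files that store it, to spot duplicate copies
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        if path.suffix == ".json":
            try:
                data = json.loads(path.read_text(encoding="utf-8"))
            except ValueError:
                continue  # not parseable JSON; nothing to report
            keys = sensitive_keys_in(data)
            if not keys:
                continue
            issues.append((rel, "plaintext health data: " + ", ".join(sorted(keys))))
            for key in keys:
                holders.setdefault(key, []).append(rel)
            # Other local users or processes can read the file if group/other bits are set.
            if path.stat().st_mode & (stat.S_IRGRP | stat.S_IROTH):
                issues.append((rel, "readable by other local users"))
        elif path.suffix in TEXT_SUFFIXES:
            text = path.read_text(encoding="utf-8", errors="replace")
            for match in HOME_PATH_RE.finditer(text):
                issues.append((rel, "absolute home path in log: " + match.group(0)))
    for key, files in holders.items():
        if len(files) > 1:
            issues.append((", ".join(files), f"'{key}' duplicated across files; deletion must cover all"))
    return issues


def run_demo():
    """Build a constructed skill bundle in a temp dir and audit it (sample data, not the real skill)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        data = root / "data"
        data.mkdir()
        (data / "profile.json").write_text(json.dumps(
            {"name": "sample", "height": 170, "weight": 72.5, "zodiac": "leo"}))
        (data / "weight_history.json").write_text(json.dumps(
            [{"date": "2024-01-01", "weight": 72.5}, {"date": "2024-01-08", "weight": 72.1}]))
        (data / "activity.json").write_text(json.dumps(
            {"source": "apple_health", "steps": 8421, "active_energy": 512}))
        # Constructed log line with a hypothetical home path, not the path from the finding.
        (root / "debug.log").write_text(
            "loaded /Users/sample-user/skills/half-full/data/profile.json\n")
        os.chmod(data / "profile.json", 0o644)         # group/other readable: flagged
        os.chmod(data / "weight_history.json", 0o600)  # owner only
        os.chmod(data / "activity.json", 0o600)
        return audit_bundle(root)


if __name__ == "__main__":
    for location, issue in run_demo():
        print(f"{location}: {issue}")
```

The duplicate check is the part that matters for cleanup: a single "clear the data files" step that deletes one copy of the weight data leaves the other in place, so the report lists every file holding each sensitive key.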

Ssd 3

Severity: Medium
Confidence: 97%
Finding
The guide not only infers menstruation-related information, but also uses that hidden inference to shape the assistant's responses while keeping the reasoning opaque to the user. This deceptive personalization can manipulate user interactions and compounds the privacy harm by operationalizing a sensitive inference behind the scenes.

VirusTotal

66/66 vendors flagged this skill as clean.