Fitbit Health Skill

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Fitbit CLI skill that accesses sensitive health data with disclosed OAuth setup and local token storage, so users should install it only if they are comfortable sharing Fitbit data with their agent.

Before installing, review the Fitbit consent screen carefully because the skill requests access to activity, heart-rate, sleep, weight, and profile scopes. Use it only in conversations where Fitbit health details may safely appear, keep the local token file private, and run `fitbit logout` or revoke the app in Fitbit when you no longer need it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill invokes a CLI that performs network access to Fitbit APIs and shell execution, yet it declares no explicit permissions or user-facing consent boundaries. In an agent environment, this can lead to unexpected external requests and handling of sensitive health/account data without clear authorization semantics, increasing the chance of overreach or accidental data exposure.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The description frames the skill as a simple Fitbit data query tool, but the documented behavior includes OAuth setup/login, token lifecycle handling, and access to broader profile/account information. That mismatch is dangerous because users or orchestrators may approve the skill expecting limited health summaries while it can authenticate accounts and retrieve additional sensitive personal data.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README explicitly promotes connecting an AI agent to Fitbit health data, which is sensitive personal information, but it does not warn users about privacy risks, data minimization, retention, or who may receive that data once surfaced through the agent. In this context, omission of privacy guidance can lead users to expose health metrics to the agent ecosystem or downstream logs/integrations without informed consent, increasing the chance of unintended disclosure.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This skill accesses highly sensitive health information, but the description does not warn users that using it may expose personal activity, sleep, heart-rate, weight, and profile data. Lack of an explicit warning increases the risk of uninformed consent, accidental disclosure in chat transcripts, and unsafe use in shared or logged environments.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal