Back to skill

Security audit

Fitbit Health Skill

Security checks across malware telemetry and agentic risk

Overview

This Fitbit skill is a coherent CLI integration for user-requested Fitbit data, with sensitive health access and token storage that are disclosed enough to treat as expected rather than deceptive.

Install only if you are comfortable letting your agent access Fitbit health/profile data. Review the Fitbit consent scopes, keep the local token file private, avoid using it in shared or heavily logged chats, and run fitbit logout or revoke the app in Fitbit when you no longer need access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill invokes network and shell-capable functionality but declares no explicit permissions or trust boundaries. In an agent setting, this makes a privacy-sensitive skill harder to govern and audit, especially because it accesses Fitbit account data and performs authentication flows that can trigger browser and local callback behavior.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The documented behavior understates the skill's real capabilities: it performs OAuth login, stores long-lived tokens, exposes profile access, and omits some described data types such as sleep. Description-behavior mismatches are dangerous because users and orchestrators may authorize a skill for a narrower purpose than what it can actually do, leading to overcollection of sensitive health and identity data.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README explicitly positions the skill as giving an AI agent access to highly sensitive Fitbit health data, but it does not warn users that prompts, tool outputs, logs, or downstream integrations may expose activity, heart rate, sleep, and weight information. In an agent context, missing privacy disclosure increases the chance that users unknowingly grant broad access to health data that may be retained, summarized, or shared beyond their expectations.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The activation guidance is broad enough to trigger on common health or fitness questions, not just explicit requests to use Fitbit. Because the skill accesses highly sensitive personal health data, over-broad routing can cause unnecessary invocation and disclosure of private account information when the user only asked for general advice.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill handles sensitive health data and authentication tokens but does not present a user-facing privacy warning or data-handling notice. In this context, missing privacy disclosures increase the risk of users unknowingly exposing regulated or highly personal information through routine agent interactions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.