ClawHub

Oura Ring

Security checks across malware telemetry and agentic risk

Overview

The core Oura integration is understandable, but the package needs review because some documented safety controls do not work and included debug scripts can read tokens and print health data if run.

Review before installing. Use a least-privilege Oura token, keep .env private, avoid running the probe scripts, and do not rely on the morning_brief.sh mock or env-file override behavior until fixed. The skill is not showing exfiltration or destructive behavior, but its handling of sensitive health tokens and mismatched controls warrants the Review bucket.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill implements additional `resilience` and `stress` commands that are outside the declared skill scope of readiness, sleep, and 7-day readiness trends. This expands collection of sensitive health data beyond user expectations and can cause over-privileged behavior or downstream privacy issues in agent environments that rely on the manifest to understand what a skill does.

Intent-Code Divergence

Low
Confidence
88% confidence
Finding
The module docstring advertises only readiness, sleep, and trends commands, while the code also exposes `resilience` and `stress`. This mismatch is a transparency and trust issue: users or orchestration systems may approve or review the tool under a narrower data-access assumption than what the code actually performs.

Credential Access

High
Category
Privilege Escalation
Content
import httpx
from dotenv import load_dotenv

load_dotenv("/Users/sameerbajaj/clawd/skills/oura-ring/.env")
token = os.getenv("OURA_PERSONAL_ACCESS_TOKEN")
base_url = "https://api.ouraring.com/v2/usercollection"
headers = {"Authorization": f"Bearer {token}"}
Confidence
95% confidence
Finding
.env"

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
python-dotenv>=1.0.0
Confidence
95% confidence
Finding
requests>=2.31.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
python-dotenv>=1.0.0
Confidence
95% confidence
Finding
python-dotenv>=1.0.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
90% confidence
Finding
requests

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal