Back to skill

Security audit

Amazfit Health Log

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims: fetch Amazfit health data from a configured HCGateway service and save it as a local Obsidian note.

Install only if you trust the publisher and intend to store Amazfit health metrics in Obsidian. Keep config.json private, use a trusted local or protected HCGateway endpoint, review the vault output path, and add the cron entry only if you want unattended daily logging. Do not run the sudo Docker commands unless you understand and control that HCGateway deployment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill clearly performs network access to a local API and writes files into an Obsidian vault, yet no permissions are declared. This creates a transparency and policy-enforcement gap: users and the runtime may not be able to assess or restrict the skill’s actual capabilities before execution.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The documentation instructs operators to run `sudo docker compose ... up -d`, which grants broad system-management power beyond the core purpose of fetching and writing health data. If followed in an automated or agent-driven context, this expands the blast radius from note creation to host-level container control.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The trigger phrases include broad natural-language terms such as 'health log' and 'fetch health data', which can plausibly occur in ordinary conversation. Because the skill writes sensitive health information to persistent notes, accidental invocation could expose or store personal data without clear intent.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill description does not prominently warn that it uses stored credentials and persists health data into an Obsidian note. This weakens informed consent around handling sensitive personal data and may cause users to invoke the skill without realizing the privacy implications.

Session Persistence

Medium
Category
Rogue Agent
Content
---
name: amazfit-health-log
version: 1.0.0
description: Fetches Amazfit GTR3 health data from HCGateway and writes a daily Obsidian log note. Use when user says "health log", "GTR3 data", "write health data", "fetch health data", or when the daily cron triggers health logging.
---

# Amazfit GTR3 Health Log Skill
Confidence
72% confidence
Finding
write health data", "fetch health data", or when the daily cron triggers health logging. --- # Amazfit GTR3 Health Log Skill Automatically fetches Amazfit GTR3 health data from HCGateway and writes

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.