Coach Skill

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent endurance-coaching tool, but its Strava setup asks users to share sensitive OAuth material in chat, so it should be reviewed carefully before installation.

Install only if you are comfortable with the skill guiding Strava account linking and storing local training data. Do not paste a Strava Client Secret or full OAuth redirect URL into ordinary chat unless you understand that it may be retained in conversation logs; prefer manual data entry or a safer OAuth flow if available. Treat the training, nutrition, caffeine, and field-test guidance as coaching suggestions, not medical advice, and use extra caution if you have health conditions, medications, injuries, heat exposure, or limited training history.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Severity: High
Confidence: 98%
Finding:
The skill explicitly instructs the user to paste their Strava Client Secret into normal chat, exposing a long-lived credential in a channel that may be logged, retained, or visible to other tools and operators. This is unnecessary and dangerous because client secrets should be handled only in dedicated secure input flows or avoided entirely in end-user chat workflows.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The skill asks the user to paste the full OAuth redirect URL into chat, which can contain authorization codes and related state values that are sensitive and can be replayed or misused before exchange. Putting that material into a conversational transcript increases exposure through logging and retention systems.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
This content provides specific carbohydrate, fluid, sodium, and caffeine dosing guidance for long-duration events without a prominent warning that needs vary based on body size, medications, cardiovascular status, GI tolerance, heat conditions, and medical history. In a coaching skill, users may treat these values as authoritative and follow them without screening, which can contribute to dehydration, hyponatremia, GI distress, overcaffeination, or worsening of underlying conditions.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
This section includes advanced, high-intensity workout prescriptions such as VO2max sessions labeled for advanced athletes, but it does not pair them with clear safety gating, contraindications, or instructions to scale based on experience, injury status, recovery, or medical conditions. In a coaching skill that generates personalized endurance plans, users may treat the library as authoritative and directly apply unsafe training loads, increasing risk of overtraining, acute injury, or medical events in less-prepared athletes.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The file gives multiple maximal-effort field testing protocols (30-minute threshold run, 20-minute FTP test, CSS time trials) without screening, contraindications, or safety warnings. In a coaching skill, users may follow these instructions directly, and unsupervised maximal exertion can increase risk of injury, cardiac events, overtraining, or heat-related harm, especially for beginners or users with unknown medical conditions.

Ssd 3

Severity: High
Confidence: 99%
Finding:
Across this section, the skill normalizes collection of highly sensitive OAuth material—client secret and full redirect URL—through standard conversation, creating multiple opportunities for credential leakage. In a skill context that handles third-party account access, this materially increases the risk of account compromise and unauthorized API access.

VirusTotal

66/66 vendors flagged this skill as clean.