ClawHub

Oura Briefing

Security checks across malware telemetry and agentic risk

Overview

This skill transparently fetches a user's Oura health metrics for a daily briefing, but the token and returned health data should be treated as sensitive.

Install only if you want your agent to access your Oura sleep, readiness, activity, HRV, temperature, and recovery data. Prefer setting OURA_API_TOKEN in a protected environment or secret manager instead of passing --token on the command line, avoid posting raw outputs in shared transcripts or logs, and revoke the Oura token when you stop using the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill explicitly instructs the agent to execute a shell script and declares required binaries (`curl`, `jq`), but it does not declare corresponding permissions for shell/code execution. That creates a capability mismatch where a reviewer or runtime policy may underestimate what the skill can do, increasing the chance of unsanctioned command execution and external network access to a health-data API.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation tells users to set and use an Oura access token and describes fetching highly sensitive sleep, readiness, HRV, and recovery data, but it does not provide a clear user-facing privacy warning about transmitting and processing health information. In a health context, omission of such notice can lead to uninformed consent, accidental exposure of personal health data, and unsafe handling of tokens or output by downstream agents.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal