ClawHub

Weight Loss Planner

Security checks across malware telemetry and agentic risk

Overview

This is a coherent weight-loss planning skill, but it should be reviewed because it can collect sensitive body-health details and produce restrictive diet and exercise guidance from broad triggers without enough user confirmation or safety screening.

Install only if you want a Chinese-language weight-loss planning assistant and are comfortable sharing body metrics such as age, height, weight, and goals. Treat its diet and workout outputs as general wellness guidance, not medical advice; users who are under 18, pregnant or nursing, have chronic conditions, take relevant medications, have an eating-disorder history, or are inactive or high-risk should consult a clinician or registered dietitian before following the plan.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger conditions are overly broad and include common health, diet, calorie, BMI, and fitness topics, which can cause the skill to activate in conversations where the user did not explicitly request a weight-loss plan. In this context, mis-triggering is meaningful because the skill collects sensitive health-related data and may provide behavior-shaping advice that is inappropriate for users who only wanted general information.

Natural-Language Policy Violations

Medium
Confidence
78% confidence
Finding
The skill metadata and content are written as if Chinese is the required interaction language, without offering language negotiation or stating that output should follow the user's language. This can lead to misunderstanding of health and safety guidance, especially where calorie limits, contraindications, or warning text must be clearly understood by the user.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The file provides detailed exercise prescriptions, including HIIT, jump training, weighted movements, and progression guidance, but lacks clear medical disclaimers, screening criteria, stop conditions beyond a brief pain note, and advice to seek professional evaluation for high-risk users. In a weight-loss planning skill, users may follow these templates as personalized health guidance, which increases the chance of overexertion, aggravation of existing conditions, or injury for beginners, older adults, or users with obesity or cardiovascular risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The file provides generalized calorie-restriction meal templates for weight loss without any safety disclaimer, screening criteria, or warning that these plans may be unsuitable for minors, pregnant users, people with diabetes or other medical conditions, or users with eating disorders. In a weight-loss skill, this omission is more dangerous because users may treat the generated plan as personalized health guidance and follow restrictive intake levels such as 1200 kcal without understanding when medical review is needed.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal