ClawHub

Workout Track

Security checks across malware telemetry and agentic risk

Overview

This skill transparently saves confirmed workout logs into a user-configured PostgreSQL database, with expected but noteworthy use of local database credentials and a shell command.

Install only if you want your agent to write workout records to your PostgreSQL life_db. Before using it, verify the .env points to the intended database, use a database user limited to the sport schema, and approve saves only after checking the recap.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill uses environment-derived secrets and code execution capabilities but does not declare corresponding permissions, which weakens review and containment. Hidden capability requirements make it easier for a seemingly simple workout logger to access sensitive local configuration without clear operator awareness.

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
Instructing the agent to source credentials from a local .env file exposes a broader secret-reading capability than necessary for ordinary workout logging. If the skill or surrounding workflow is abused, local database credentials could be disclosed, reused, or accessed outside the intended boundary.

Context-Inappropriate Capability

High
Confidence
95% confidence
Finding
Requiring arbitrary shell execution via exec is overly broad for a task that should only insert structured workout data. Because the command embeds user-derived JSON into a shell invocation, any escaping mistake or downstream misuse can turn routine logging into command injection or unauthorized local command execution.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal