Wahoo Fitness Cloud API

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Wahoo workout-sync skill, but it needs review because it stores sensitive OAuth and GPS/fitness data locally and ships with a concrete dependency-name problem.

Review before installing. Fix the dependency to the intended FIT parser package before running pip install, use a private WAHOO_BASE_DIR, keep tokens, FIT files, and the database out of shared folders and source control, and avoid running OAuth setup where terminal output is logged or screenshotted.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (4)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 92% confidence
Finding: The skill exercises sensitive capabilities including environment access, filesystem read/write, network access, and shell execution, yet it does not declare permissions. That omission weakens reviewability and user consent because the skill can handle secrets, write OAuth tokens and fitness data locally, and invoke commands without those powers being explicitly surfaced.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 95% confidence
Finding: The declared description frames the skill as an API access and analysis tool, but the documented behavior also includes OAuth2 authorization, secret handling, persistent local storage of tokens and workout artifacts, and database creation/migration. This mismatch can mislead users and reviewers about the true security-sensitive behavior, increasing the risk of overbroad trust and unsafe deployment in environments where credential storage or local persistence is restricted.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The README explicitly documents that OAuth tokens, workout metadata, FIT files, and high-resolution health/location data are stored locally, but it does not warn users that these artifacts are sensitive. This can lead operators to place the base directory in insecure locations, commit it accidentally, or under-protect it, increasing risk of credential theft and exposure of private fitness and GPS history.

Unpinned Dependencies

Low

Category: Supply Chain
Content: fit-parser
Confidence: 93% confidence
Finding: fit-parser

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal