RUNSTR Fitness

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says for RUNSTR fitness analysis, but it asks users to give an agent a full Nostr private key and saves sensitive health summaries by default.

Install only if you are comfortable giving an agent access to sensitive RUNSTR health data and a Nostr private key. Use a dedicated RUNSTR/Nostr identity rather than your main nsec, assume pasted secrets and command arguments may appear in local or platform logs, and explicitly tell the agent not to store health summaries unless you want that retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The skill tells users their private key is never stored, logged, or transmitted, yet later instructs the agent to persist a derived health summary for future conversations. Even if the raw nsec is not saved, retaining sensitive outputs derived from decrypted health data undermines the privacy assurance and can expose workouts, habits, mood, and journal patterns beyond the immediate session.

Context-Inappropriate Capability

Medium
Confidence: 89%
Finding
The skill goes beyond one-time data retrieval by directing the agent to create persistent memory and ongoing coaching/reminder behavior from highly sensitive health data. This expands scope from user-requested access into longitudinal profiling, which increases privacy risk and the chance of unauthorized use, inference, or resurfacing of sensitive information in later conversations.

Vague Triggers

Medium
Confidence: 78%
Finding
The invocation description is broad enough to match common wellness or coaching requests, which can cause the skill to activate in situations where the user did not intend to share or process RUNSTR/Nostr data. In the context of a skill that asks for a private key and handles encrypted health records, over-broad triggering is more dangerous because it may prompt unnecessary credential collection and sensitive data access.

Missing User Warnings

High
Confidence: 98%
Finding
The skill instructs users to hand over their nsec, which is a Nostr private key, without a strong warning that this credential can control account actions and should rarely be shared with an agent. Because a private key is far more sensitive than an API token, normalizing its disclosure creates substantial risk of account compromise, impersonation, signing abuse, and access to encrypted personal data if the agent platform, logs, or downstream tools mishandle it.

Ssd 3

Medium
Confidence: 95%
Finding
Persisting a structured health summary creates durable storage of sensitive health, habit, mood, and activity information that may be surfaced later outside the original context. Health-related data is especially sensitive, and storing summarized insights can still reveal intimate behavioral patterns, mental state trends, and lifestyle details even without the raw backup payload.

VirusTotal

65/65 vendors flagged this skill as clean.
