Health Data Analyzer

Security checks across malware telemetry and agentic risk

Overview

The skill is built for health-data analysis, but it can pull sensitive health, account, and device metadata with limited consent and scoping guidance.

Install only if you intend the agent to access your connected healthdata MCP server. Use it with explicit prompts, narrow date ranges, and only the tables needed for the question; avoid `users` and `user_data_sources` unless identity or device provenance is specifically required. Treat terminal output and logs as sensitive health information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Context-Inappropriate Capability

Medium, 92% confidence
Finding
The query patterns explicitly include access to `users` and `user_data_sources`, which are profile/metadata tables beyond what is strictly necessary for answering most sleep, exercise, and recovery questions. In a health-data context, exposing identity-linked metadata increases privacy risk and broadens access to sensitive personal information without clear minimization or justification.

Description-Behavior Mismatch

Medium, 94% confidence
Finding
The status-check script performs a state-changing action by modifying the permissions of health_analyzer.py, which exceeds a read-only diagnostic role. Even though it targets a local script in the same skill, silently repairing permissions can surprise users, alter deployment state, and violate least-privilege expectations for a health-data analysis utility.

Context-Inappropriate Capability

Medium, 93% confidence
Finding
The script has local filesystem modification capability through chmod, which is unrelated to querying health data and unnecessary for a pure connectivity/status check. While the specific target is constrained, this still broadens the script's side effects and weakens trust boundaries for users expecting non-invasive diagnostics.

Context-Inappropriate Capability

Medium, 84% confidence
Finding
The get_user_info function retrieves broad profile and data-source metadata that goes beyond narrowly scoped sleep, exercise, and recovery analysis. In a health-data skill, exposing user identity or connected-source details increases privacy risk and broadens data access without an obvious need-to-know justification.

Missing User Warnings

Medium, 95% confidence
Finding
This skill is designed to access comprehensive health data, including sleep, recovery, HRV, blood oxygen, and related metrics, but it does not present any explicit privacy warning, consent requirement, or handling guidance for sensitive personal data. Because health data is highly sensitive, lack of disclosure and consent language can lead to over-collection, inappropriate querying, or unsafe exposure of regulated personal information.

Missing User Warnings

Medium, 95% confidence
Finding
The document provides ready-to-run commands for querying sensitive health and profile-related data but includes no privacy, consent, retention, or access-control guidance. Because health data is highly sensitive, operational examples that normalize direct access without safeguards can lead to overcollection, unauthorized disclosure, or misuse by downstream agents or operators.

Missing User Warnings

Medium, 91% confidence
Finding
Changing file permissions without explicit prior warning or consent is risky because it mutates the local environment during what appears to be a harmless status check. In practice this can create unexpected executable files, complicate audits, and normalize silent self-repair behavior that could be abused in similar scripts.

Missing User Warnings

Medium, 93% confidence
Finding
The script queries sensitive health data and prints raw results directly to stdout, which can expose sleep, recovery, heart-related, and other personal metrics in logs, terminals, or downstream tooling. In a health-analysis context, this is especially sensitive because the data may qualify as highly private medical or wellness information.

VirusTotal

63/63 vendors flagged this skill as clean.
