Calorie Visualizer

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local calorie-tracking skill with disclosed privacy considerations around local health logs, USER.md profile fields, and optional USDA lookups.

Install this only if you are comfortable keeping meal history and optional photo paths in a local SQLite database. Set a manual daily_goal if you do not want profile-derived calorie targets, and use --offline or leave USDA_API_KEY unset if you do not want food search terms sent to USDA. Keep Python packages and the local browser runtime patched.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (12)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill advertises capabilities including file read/write, shell execution, environment access, and optional network use, but declares no permissions at all. This creates a transparency and policy-enforcement gap: users and the hosting platform cannot make an informed trust decision, and the skill can access sensitive local data such as USER.md, local files, and API keys without explicit declaration.

Tp4

High
Category
MCP Tool Poisoning
Confidence
89% confidence
Finding
The documented purpose frames the skill as a local calorie logger and visualizer, but the behavior extends to reading profile data from USER.md, deriving health-related targets, storing broader configuration, and performing optional online lookups. This mismatch is security-relevant because users may authorize a seemingly local-only nutrition tool without realizing it processes personal profile data and may send food queries over the network, increasing privacy and data-handling risk.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The skill is described as local calorie logging and visual reporting, but it silently performs external USDA lookups and persists the returned data locally. This creates a functionality/privacy mismatch: user input that appears local-only is transmitted to a third party without clear disclosure at the time of use.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The script automatically reads USER.md from the broader workspace and extracts height, weight, age, and gender to compute calorie targets. Accessing potentially sensitive profile data outside the skill's own local data store without an explicit consent flow is a privacy-sensitive behavior that exceeds the stated local logging purpose.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The renderer reads biometric data from USER.md via an environment-controlled path and uses it to derive a calorie goal, which exceeds the stated need of local calorie logging and visualization. This creates unnecessary access to sensitive profile data and broadens the skill's data collection surface without clear consent or tight scoping.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
Mining USER.md for height, weight, age, and gender is broader than the advertised calorie logging/reporting behavior and introduces hidden collection of personal data. Even though the data is used locally, the undisclosed access can violate user expectations and leak sensitive context into a component that does not strictly require it.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
This code parses sensitive health-related profile attributes from USER.md without a contemporaneous warning or affirmative consent. Because calorie targets are derived from age, sex, height, and weight, the skill is processing personal health-adjacent data in a way users may not expect from a simple logging/reporting tool.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
When a local database miss occurs, the script sends the user-provided food query to the USDA API without a clear privacy notice. Even if the data seems low sensitivity, transmitting user diet-related queries externally can reveal habits or health interests and contradict the skill's local-only framing.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The code reads potentially sensitive personal data from USER.md without any user-facing disclosure, consent check, or visible indication in the renderer flow. Because the path can be set by environment variable, this also increases the risk of unexpectedly reading another sensitive markdown file available to the process.

Unpinned Dependencies

Low
Category
Supply Chain
Content
html2image>=2.0.4
Pillow>=10.0.0
Confidence
90% confidence
Finding
html2image>=2.0.4

Unpinned Dependencies

Low
Category
Supply Chain
Content
html2image>=2.0.4
Pillow>=10.0.0
Confidence
95% confidence
Finding
Pillow>=10.0.0

Known Vulnerable Dependency: Pillow — 10 advisory(ies): CVE-2016-2533 (Pillow buffer overflow in ImagingPcdDecode); CVE-2023-50447 (Arbitrary Code Execution in Pillow); CVE-2021-27922 (Pillow Uncontrolled Resource Consumption) +7 more

Critical
Category
Supply Chain
Confidence
93% confidence
Finding
Pillow

VirusTotal

66/66 vendors flagged this skill as clean.