Metabolic Healing Skill System

Security checks across malware telemetry and agentic risk

Overview

This is a broad health-management workflow skill with no hidden code, but it asks agents to handle very sensitive health, community, CRM, and business data without making privacy and consent controls mandatory throughout the system.

Install only if you intend to use it in a controlled health-management or enterprise service setting. Before enabling it with real users or real records, require explicit consent, privacy notices, data minimization, retention/deletion rules, role-based access, audit logging, and clinician or qualified professional review for medication, emergency, exercise, nutrition, and special-population workflows. Do not use it as a direct medical decision-maker or as an undisclosed marketing/CRM profiling tool.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (24)

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The skill declares it is only a health-management aid, yet its documented scope includes intervention design and workflows such as medication reduction evaluation. In a medical context, this mismatch can cause users or downstream agents to treat non-clinical guidance as quasi-medical advice, increasing the risk of unsafe care decisions despite the disclaimer.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The file substantially broadens the skill from metabolic health support into CRM, billing, contracts, supplier management, certification, and product operations. This kind of scope drift increases the skill's authority and access surface, making it easier to route users or downstream agents into non-health workflows that are outside the stated purpose and likely outside expected safeguards.

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
Commercial and enterprise-management capabilities are not clearly justified by the stated purpose of a metabolic healing assistant. In practice, this can create hidden functionality that manipulates user records, service operations, or commercial workflows under the trust users place in a health-oriented skill.

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
Adding product and supply-chain management to a health skill expands the operational blast radius beyond user guidance into procurement and product decisions. That creates opportunities for undisclosed commercial influence, inappropriate recommendations, or unsafe coupling between health advice and product operations.

Context-Inappropriate Capability

Medium
Confidence
84% confidence
Finding
Standards-building and personnel certification are governance functions that sit outside the core role of a metabolic healing assistant. Mixing them into the same skill can misrepresent authority, blur accountability, and enable overconfident outputs in regulated or quasi-regulated contexts.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger list is extremely broad and overlaps with ordinary health conversation, making accidental activation likely. In a health domain, unintended invocation can steer benign discussion into prescriptive metabolic-intervention workflows, exposing users to inappropriate or overconfident health guidance.

Vague Triggers

Low
Confidence
78% confidence
Finding
The routing table uses broad keywords without strong activation constraints, so many general health queries could be mapped into specialized pipelines. Because the skill covers safety screening, nutrition, exercise, and referral-related functions, ambiguous routing may produce inappropriate advice or omit needed escalation.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly describes 7x24 collection, interpretation, and monitoring of highly sensitive health data, including exam results, metabolic state, and lifestyle information, but does not present any visible privacy notice, consent flow, data-minimization rule, retention policy, or handling constraints. In a health-focused skill, this omission is dangerous because users may disclose regulated or highly sensitive data without understanding storage, sharing, or secondary-use risks, increasing the chance of privacy harm and downstream misuse.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The file defines AI-assisted generation of individualized exercise prescriptions for users with metabolic and cardiovascular conditions, but it does not present a clear user-facing warning that the output is not medical advice and must be reviewed by a qualified professional before use. Although many steps mention internal review by a trainer or doctor, those safeguards are workflow notes rather than explicit end-user safety boundaries, so a user or downstream integrator could treat the AI output as directly actionable medical guidance.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The HIIT section describes generating interval-training prescriptions from baseline and activity data, but it lacks a direct warning to the user that HIIT can be unsafe for individuals with cardiometabolic disease, deconditioning, hypertension, or other risk factors unless they first obtain explicit professional clearance. In this skill context, that omission is especially dangerous because the broader system targets users with chronic metabolic conditions, making high-intensity guidance more likely to be misapplied to medically vulnerable populations.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This file describes broad automated ingestion, analysis, modeling, and reporting over highly sensitive health data including blood glucose, lipids, blood pressure, sleep, genetics-adjacent markers, microbiome data, and medication-related assessments, but it provides no privacy notice, consent boundary, retention rule, access control, de-identification requirement, or data-sharing constraint. In a health context, that omission is dangerous because downstream implementers may process regulated medical data without adequate safeguards, creating confidentiality, compliance, and secondary-use risks.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This unit explicitly processes user behavior data and prior attempts to change health habits, which are sensitive health-related data points. The file provides no user-facing notice, consent requirement, minimization rule, retention limit, or safeguard guidance, creating privacy and compliance risk if deployed as written.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Referencing historical consultation records for automated Q&A generation risks repurposing potentially identifiable health interactions without notice or consent. In a chronic disease education skill, these records may contain diagnoses, symptoms, medications, and other sensitive details, so the absence of privacy constraints increases the chance of unauthorized disclosure or over-collection.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill uses psychological assessment data to tailor stress and emotion management content, but does not mention heightened sensitivity, consent, or escalation boundaries. Mental health data is especially sensitive, and lacking safeguards can expose users to privacy harm, inappropriate profiling, or unsafe handling of psychological risk indicators.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The document defines workflows that ingest and process highly sensitive medical information, including medication lists, diagnoses, lab values, pregnancy status, adverse events, and emergency data, but it does not state any privacy notice, consent requirement, retention rule, access control expectation, or data-minimization constraint. In a health-management skill, that omission materially increases the risk of unsafe collection, over-sharing, or mishandling of regulated health data by downstream implementations or operators.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill includes emergency handling, red-line referral decisions, and urgent transfer coordination, but it does not clearly warn that AI-generated triage or SOP guidance is only assistive and must not delay or replace emergency medical evaluation or emergency services. In this context, users or operators could over-rely on the system during acute events, causing dangerous delays, mis-triage, or inappropriate reassurance.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly collects expert contact details and later user health profiles, both of which are sensitive personal data categories that require clear notice, consent, minimization, and handling controls. In a health-management/community context, omitting privacy warnings and governance increases the risk of unauthorized collection, over-sharing, and misuse across downstream workflows.

Missing User Warnings

High
Confidence
97% confidence
Finding
This section covers collection of user health information, questionnaires, device-sync data, intervention history, behavior logs, and satisfaction data without any stated consent, purpose limitation, or privacy safeguard. Because this is health-related profiling in a chronic-disease setting, the data is highly sensitive and could enable invasive inference, discrimination, or harmful exposure if processed or shared improperly.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The file describes fully automated monitoring of community messages and interaction data, along with dashboards, anomaly alerts, and trend analysis, but does not warn users that their communications may be continuously analyzed. Continuous analysis of social interactions can create covert surveillance concerns and secondary use of personal data beyond user expectations.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Automated churn-risk prediction, user segmentation, conversion strategy, and automated outreach are forms of profiling that can materially affect users, especially in a health-related service where vulnerability and trust are heightened. Without disclosure and controls, this can lead to manipulative targeting, opaque decision-making, and misuse of sensitive health and engagement signals for commercial purposes.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
These sections describe automated maintenance of health archives, remote monitoring, and related processing of sensitive health data, including wearable and home testing inputs, without any explicit consent flow, privacy notice, retention limits, or warning about profiling and downstream use. In a health-management skill, this is especially risky because the data is highly sensitive and the workflow normalizes broad AI-driven processing that could lead to unauthorized collection, overprocessing, or noncompliant handling of medical-adjacent personal data.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The CRM and feedback-analysis workflows specify fully automatic extraction, structuring, tagging, sentiment analysis, clustering, and linkage with health archives and service records, but do not state any user notice, consent, opt-out, or limits on profiling. This creates a real privacy and compliance vulnerability because it enables covert behavioral profiling and aggregation of sensitive health-related interactions across systems.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill describes extensive collection, analysis, and aggregation of sensitive health and user data, but the file does not present clear user-facing privacy, consent, retention, or sharing constraints. In a health context, that omission is dangerous because users may disclose highly sensitive medical and lifestyle information without understanding how it will be processed or propagated across pipelines.

Missing User Warnings

High
Confidence
97% confidence
Finding
The pipelines repeatedly include medication reduction/discontinuation evaluation and 'reversal' flows without a strong, repeated warning that such outputs require licensed clinician oversight. In a chronic-disease context, users may interpret these workflows as actionable self-management guidance, which could lead to hypoglycemia, hypertensive complications, relapse, or other serious harm if medications are changed without supervision.

VirusTotal

62/62 vendors flagged this skill as clean.
