Security audit

FitDietKernel

Security checks across malware telemetry and agentic risk

Overview

FitDietKernel is a disclosed local diet-tracking knowledge base with expected local reads and writes, though users should treat the stored profile, food logs, and weight data as sensitive health information.

Install only if you are comfortable storing diet, weight, sleep, and meal records locally in this skill directory. Avoid committing personal logs or profile data to a public repository, and ask the assistant to preview changes before it updates food_registry.json or creates daily logs. Use the HTML UI only if you are comfortable loading Chart.js from an external CDN.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
85% confidence
Finding
The skill instructs the AI to read from a local path (`~/fitdietkernel/`) and references modifying `profile.json` plus automatic check-in/report generation, which implies file read/write behavior despite no declared permissions. Undeclared filesystem access weakens transparency and consent, and could cause unintended access to local health data or persistence of sensitive logs.

Tp4

High
Category
MCP Tool Poisoning
Confidence
81% confidence
Finding
The documentation presents the skill as a diet knowledge base and calculation aid, but the described behavior extends into local data ingestion, tracking, and report generation. This mismatch is security-relevant because users may grant trust expecting passive nutritional guidance while the skill actually handles local files and behavioral logs, increasing the chance of overcollection or misuse of sensitive personal-health information.

Context-Inappropriate Capability

Low
Confidence
82% confidence
Finding
Loading Chart.js from a third-party CDN introduces a supply-chain and privacy risk: page loads can contact an external domain and execute remotely hosted JavaScript in the app context. If the CDN asset is tampered with, blocked, or unexpectedly changed, the skill could execute malicious code or fail unpredictably.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The document expands the assistant from passive reference behavior into a state-changing agent that reads profile data and updates a persistent registry based on natural-language commands. That increases attack surface: ambiguous or malicious prompts could cause unintended file modifications, poisoning of future recommendations, or integrity issues in stored nutrition data.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README explicitly instructs the AI to generate daily log files under logs/YYYY-MM-DD.md, which is a persistent write action involving user health and behavior data. Because there is no warning, consent flow, or scope limitation, a user may unknowingly allow sensitive personal data to be stored on disk or synced to a repository.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README states that the AI will automatically update the food database, which means modifying persistent user data without an explicit confirmation step. This can lead to silent corruption of records, unexpected repository changes, or storage of inaccurate or sensitive information that persists across sessions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Automatically updating `food_registry.json` from natural-language input without an explicit warning or confirmation creates a persistent prompt-injection and data-integrity risk. A user could intentionally or accidentally add malformed, misleading, or adversarial entries that affect future diet calculations and recommendations.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.