ClawHub

Diet Tracker

Security checks across malware telemetry and agentic risk

Overview

The skill does diet tracking, but logging a meal can also sync private diet notes to an Obsidian vault and push the whole vault to GitHub without clear disclosure or consent.

Review before installing. Use it only if you are comfortable with meal logs and nutrition notes being written locally, copied into /root/clawd/obsidian-vault, and pushed to the configured GitHub remote using existing Git credentials. Safer use would remove or disable the Obsidian copy and git push code, or require explicit confirmation and restrict commits to the generated diet log file only.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The script reads detailed personal health/profile data from a global /root/clawd/USER.md file, including height, weight, age, sex, activity level, and macro targets, even though the skill is described as diet tracking and nutrition lookup. Accessing broad profile data from a shared global file increases privacy risk and expands data exposure beyond the minimum necessary scope.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The code sends nutrition lookup queries to the external USDA API, but the skill metadata describes local diet tracking and reminders without disclosing outbound network use. Undisclosed external transmission can expose user dietary interests or logged foods and violates user expectations around local-only processing.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The script automatically copies diet logs into an Obsidian vault and pushes them to a remote GitHub repository, exposing sensitive personal health and lifestyle data outside the local device. In a diet-tracking skill, this is especially dangerous because users reasonably expect private meal logs, not silent publication to a remote service.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill's stated purpose is diet tracking, but it performs version-control operations that are unrelated to core nutrition logging and create an unnecessary external side effect. Hidden repository manipulation expands attack surface and can leak data, especially in an assistant environment where users may not inspect code paths.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The trigger conditions are broad enough to activate on general diet or food-related conversation, which can cause the skill to read or write logs unexpectedly. In a skill that processes health data and persists records, unintended activation increases the chance of collecting or modifying sensitive information without clear user intent.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill handles sensitive health and profile information but does not clearly warn users that this data will be stored in local files. Without explicit disclosure and consent, users may unknowingly expose weight, age, activity level, and dietary history to other local processes, backups, or shared environments.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill states that it searches the web for nutrition information but does not clearly disclose that meal data may be sent to external services. Because meal logs can reveal health conditions, religious practices, or lifestyle patterns, silent outbound sharing creates a meaningful privacy risk.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script reads sensitive health-related profile data from a local user file without any user-facing warning, consent, or runtime disclosure. Health metrics such as weight, age, sex, and activity level are sensitive personal data, so silent access creates a meaningful privacy and trust risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal