Fitness Coach Lite

Security checks across malware telemetry and agentic risk

Overview

This fitness tracker is not malicious, but it should be reviewed because it can save sensitive health and body data from broad chat triggers with limited safeguards.

Install only if you are comfortable with a chat skill saving workout, status, injury, sleep, menstrual-cycle, weight, and body-fat information as local JSON. Use explicit commands when possible, avoid importing plans from untrusted or broad filesystem paths, and keep backups if workout history matters because same-day logs and reset commands can overwrite or remove records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (9)

Description-Behavior Mismatch

Medium
Confidence: 86%
Finding
The skill exposes plan import from an arbitrary local path even though its stated purpose is lightweight fitness coaching via chat. In an agent context, a user or prompt-injection chain could trick the agent into reading unintended local files, creating unjustified file-access capability beyond the skill's business need.

Context-Inappropriate Capability

High
Confidence: 96%
Finding
plan_import reads any user-supplied filesystem path and attempts to open it. In an agent environment this can be abused to probe or exfiltrate sensitive local files if the agent is induced to call the command with arbitrary paths, which is especially dangerous because the feature is not necessary for a fitness coach skill.

Vague Triggers

Medium
Confidence: 92%
Finding
The README advertises extremely broad natural-language triggers such as everyday statements about tiredness, sleep, travel, pain, walking, or asking what was done today. In a Telegram-native auto-loading skill, these phrases overlap heavily with normal conversation, increasing the chance of unintended invocation, accidental data capture, and inappropriate responses in contexts where the user did not intend to engage the fitness skill.

Missing User Warnings

Medium
Confidence: 89%
Finding
The README promotes collection of health-related and potentially sensitive data, including fatigue, sleep quality, menstrual status, injury, body weight, and body fat, but provides no user-facing notice about privacy, retention, local vs remote storage, or sharing. Because the skill is designed for low-friction capture in chat, users may disclose sensitive health data without informed consent or understanding how long it will persist.

Vague Triggers

High
Confidence: 96%
Finding
The description says the skill loads when the user sends any exercise, status, or query-related message, which is broad enough to match normal conversation and health-related chat unintentionally. Overbroad activation is dangerous here because the skill can auto-trigger persistence and plan changes on ambiguous input without a deliberate user action.

Vague Triggers

High
Confidence: 97%
Finding
The instruction to evaluate every user message creates ambiguous scope and effectively turns the skill into a passive monitor of the conversation. In this context, that is risky because many ordinary statements about fatigue, travel, weight, or exercise could be interpreted as commands and automatically written to persistent health history.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill is designed to automatically store workout, body, and status information, but the description does not prominently warn users that sensitive health-related data will be persisted. This lack of disclosure is especially concerning in a Telegram low-friction flow, where users may think they are casually chatting rather than creating a durable personal record.

Natural-Language Policy Violations

Medium
Confidence: 84%
Finding
The skill hardcodes UTC+8 for date and time handling instead of using a user-configured timezone. For a workout logging and reporting tool, this can silently misdate records, distort daily or weekly summaries, and trigger incorrect plan or compliance calculations around day boundaries.

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill persists sensitive health-related information such as weight, body-fat percentage, and workout history to local JSON files without any visible disclosure, retention policy, or consent mechanism. In a personal-coaching context this increases privacy risk, especially if multiple users share the environment or local storage is later accessed by other tools or operators.

VirusTotal

67/67 vendors flagged this skill as clean.
