ClawHub

nutrition-and-health

Security checks across malware telemetry and agentic risk

Overview

This nutrition skill appears purpose-aligned, but it asks for sensitive health details and gives broad health guidance without enough privacy and medical-safety boundaries.

Review this skill carefully before installing. It does not show evidence of malware or exfiltration, but it may activate on ordinary food-related questions and may ask for sensitive health information. Use it only for general wellness or meal-planning help, avoid relying on it for diagnosis or treatment decisions, and do not provide medical details unless you are comfortable with how your OpenClaw environment handles prompts, logs, and conversation history.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The documentation makes a strong privacy/security guarantee that all user information is stored only locally and never uploaded, but this file provides no verifiable implementation evidence to support that claim. Misleading users about data handling can cause them to disclose sensitive health and dietary information under false assumptions, creating privacy and compliance risk if the platform or surrounding system transmits or logs that data.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The README advertises very broad natural-language triggers for generic health, diet, and daily-life questions, which can cause the skill to activate in many ordinary conversations without clear user intent. In a health-related context, unintended activation is more concerning because users may receive quasi-medical guidance when they expected general chat, increasing the chance of overreliance on unqualified advice.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This health skill presents itself as a comprehensive advisor for broad populations, including elderly users, people with stomach problems, and users concerned about chronic conditions, but it does not clearly warn that outputs are informational and not medical advice. That omission is dangerous because users may treat recommendations as clinically reliable, delay professional care, or apply unsuitable diet guidance to real medical conditions.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrases in this range are broad lifestyle terms such as healthy eating, recommendations, and daily choices, which can match ordinary conversation outside an explicit request to invoke the skill. This creates an overbroad activation surface where the skill may engage unexpectedly, increasing the chance of unsolicited health guidance and collection of sensitive profile information in contexts the user did not intend.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The English triggers are also generic everyday phrases like breakfast, lunch, dinner, nutrition tips, and coffee recommendation, which are likely to appear in normal conversation. This can cause accidental invocation and expose users to unrequested health advice or prompt the skill to solicit health and dietary data without clear user intent.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The manifest describes a very broad health and lifestyle assistant without clear activation boundaries, exclusions, or negative examples. In a health domain, over-broad triggering can cause the skill to activate during general wellness or medical-adjacent conversations and provide advice outside its intended scope, increasing the chance of unsafe or inappropriate guidance.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script explicitly solicits sensitive personal and health-related information, including age, sex, height, weight, medical conditions, allergies, habits, and health goals, but provides no privacy notice, consent flow, retention policy, or guidance on secure handling. Even though this file only returns prompts and prints responses locally, in an agent-skill context such data may be logged, stored, or forwarded by surrounding infrastructure, creating privacy and compliance risk.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger guidance encourages very broad, everyday phrases such as asking what to eat, which increases the chance of accidental or ambiguous invocation. In a health-oriented skill, unintended activation can expose personal preference or health-context data in the wrong conversational context and degrade user trust, though the direct security impact is limited.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The example phrase "吃什么" is especially vague and likely to appear in ordinary conversation, making accidental triggering more likely than with a scoped request. Because the skill deals with personal health and diet preferences, even low-friction unintended activation can lead to unnecessary collection or inference of sensitive lifestyle information.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal