ClawHub

Oura Ring

Security checks across malware telemetry and agentic risk

Overview

The skill is purpose-aligned for Oura health queries, but it asks users to grant broad access to sensitive health and profile data through an external local CLI.

Install only if you are comfortable authorizing a local helper CLI to access sensitive Oura health and profile data. Review or pin the external oura-cli code before running it, grant only the scopes you actually need where possible, avoid the personal endpoint unless necessary, and treat any chat containing Oura results as private.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The skill uses broad natural-language triggers such as general sleep/recovery questions, which can cause the skill to activate in situations where the user did not clearly intend to access highly sensitive health data. In a health-data context, unintended invocation is more serious because it may lead to unnecessary API calls and disclosure of personal biometric information in the assistant response.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The skill handles highly sensitive health and biometric data but does not prominently warn users, at invocation time, that their request will cause retrieval of personal Oura API data. Even though the API is official and tokens stay local, lack of explicit notice can undermine informed consent and privacy expectations when the skill is triggered.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation explicitly states that the OAuth flow requests all scopes by default, including broad access to sensitive personal and health data. In a health-data skill, overbroad default scopes violate least privilege and increase the blast radius if the token is misused, leaked, or the assistant accesses data unrelated to the user's request.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal