Back to skill

Security audit

Autism Stereotyped Behavior Detection (Spinning / Hand-Flapping) | 自闭症儿童刻板行为识别(转圈/摆手)

Security checks across malware telemetry and agentic risk

Overview

This skill is a cloud video-analysis tool for sensitive child behavior footage, and its remote upload, automatic identity handling, and local token/database persistence need review before use.

Install only if you are comfortable sending child behavior videos, report queries, and account-linked identifiers to the configured cloud service. Use it in environments where guardian consent, data-retention expectations, and access controls are already handled, and be aware it may create a local shared SQLite database and store service tokens in the workspace data directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
Findings (20)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
if filters:
                for key, value in filters.items():
                    query = query.filter(getattr(self.__model__, key) == value)

            if offset:
                query = query.offset(offset)
Confidence
73% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
if filters:
                for key, value in filters.items():
                    query = query.filter(getattr(self.__model__, key) == value)

            return query.scalar()
        finally:
Confidence
72% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill manifest advertises and instructs use of capabilities including shell execution, local file handling, environment use, and network/API access, but it does not declare permissions or clearly constrain those operations. That mismatch weakens policy enforcement and user awareness, especially because the skill processes highly sensitive child video and report data and can transmit it to cloud services.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
This file exposes broad generic network-capable CRUD helpers and arbitrary HTTP wrappers that are not narrowly scoped to the stated purpose of behavior-video analysis. In a skill handling sensitive child-related data, this unnecessary capability expansion increases the attack surface and can enable unauthorized data access, modification, deletion, or exfiltration if other parts of the skill pass attacker-controlled URLs or payloads into these wrappers.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The username lookup helper is unrelated to the advertised functionality of detecting stereotyped behaviors from fixed-camera video. In a system processing sensitive child and caregiver information, this kind of user-enumeration capability can facilitate privacy violations, account discovery, or broader integration misuse beyond the declared purpose.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
This file defines a reusable user/account DAO with username, realname, email, and token handling that does not match the declared purpose of a child behavior video-analysis skill. Scope mismatch is dangerous because it expands the data processed by the skill, increases privacy risk, and may indicate unnecessary collection or reuse of account data unrelated to the stated function.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The User model stores authentication-style artifacts such as token and open_token even though the skill description is limited to behavioral video analysis. In the context of a system processing children’s data, unnecessary token storage materially increases privacy and account-compromise risk if the local SQLite database is accessed by other components or users on the host.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
This utility provisions identities through a remote login endpoint, stores tokens/open tokens in a local database, and auto-creates fallback users unrelated to the declared purpose of local video behavior analysis. That creates hidden identity management and credential persistence behavior that broadens the trust boundary, enables undisclosed account linkage/external service use, and increases the blast radius if the workspace or DB is compromised.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The file implements a broad HTTP mediation layer with automatic authentication, user bootstrap, retry logic, and balance/payment handling, which exceeds the narrowly stated analytics purpose of detecting stereotyped behavior from video. Such overbroad capability can be repurposed to communicate with external services, create hidden dependencies, and process account state without clear necessity or user awareness.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The history-report trigger phrases are broad enough that ordinary user requests could automatically invoke cloud history queries without clear confirmation. Because the reports concern a child's behavioral and potentially medical-adjacent history, accidental triggering can expose sensitive data beyond the user's immediate intent.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill permits uploading or remote processing of highly sensitive videos of minors and associated behavioral reports through cloud/API workflows, but the operational steps do not require a prominent upfront consent and transmission warning at the moment of use. This creates significant privacy and compliance risk because users may not realize that identifiable child data is being sent off-device.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The tool handles highly sensitive videos of children's behavior yet accepts remote URLs and configurable remote API endpoints without any visible privacy warning, trust boundary notice, or transport/data-handling safeguards in this file. In this context, users may unknowingly send protected child behavioral data to third-party services or untrusted locations, creating significant confidentiality and compliance risk.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The code reads arbitrary local video files into memory and uploads their contents for remote analysis, but this file provides no user-facing notice, consent check, redaction option, or destination transparency. In this skill's context—fixed-camera recordings of children in homes or rehabilitation centers—the data is highly sensitive, so silent transmission increases privacy and compliance risk even if the behavior is functionally intended.

Missing User Warnings

Medium
Confidence
76% confidence
Finding
The DAO automatically creates a local SQLite database and initializes tables on startup without any user-facing disclosure or consent flow. In a skill handling sensitive child behavior analysis, silent creation of persistent local storage increases privacy and compliance risk because operators may not realize data is being retained on disk.

Missing User Warnings

Medium
Confidence
79% confidence
Finding
The code silently performs ALTER TABLE on an existing database to add fields, changing the persistence schema without notice. Automatic schema mutation is particularly sensitive here because it can expand what personal data is stored over time, and users or administrators may not be aware that new account-related fields are being retained locally.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The code automatically attaches user identifiers and tokens to outbound requests and may create/login users remotely without any user-facing disclosure in this file. In a child behavior analysis context, silent transmission of account-linked metadata is especially sensitive because it can expose operator identity, tenant context, and service tokens beyond what users may expect from video analysis tooling.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The utility reads an identity-like value from data/smyx-api-key.txt and treats it as an internal open-id source without explicit user notice or validation. Accessing credential-like local data silently can cause cross-skill identity reuse, accidental impersonation, or misuse of values left in the workspace by other components.

External Transmission

Medium
Category
Data Exfiltration
Content
"source": ConstantEnum.DEFAULT__SKILL_HUB_NAME
            }
            try:
                _response = requests.post(_url, json=_data)
                if _response.status_code == 200:
                    _response_json = _response.json()
                    if _response_json and _response_json.get("success"):
Confidence
91% confidence
Finding
requests.post(_url, json=

Hidden Instructions

High
Category
Prompt Injection
Content
| 📁 格式支持 | 输入要求:支持 mp4/avi/mov 视频,最大 10MB;**关键**:必须能看到儿童全身,帧率 ≥ 10 FPS |
| 🔎 使用提醒 | 部分日常动作(鼓掌、跳舞、追逐游戏等)可能被误识别为刻板行为,建议康复师/家长进行抽样复核 |
| 🔎 使用提醒 | 多儿童在同一视野内、家庭成员同时出现等情形可能影响识别准确性 |
| 🧑‍⚖️ 结果性质 | 本工具**不提供自闭症诊断**,也**不替代** ADOS-2 / ADI-R / CARS 等专业评估;任何康复方案应在认证的康复治疗师指导下进行 |
| 🔏 隐私合规 | 隐私合规:自闭症儿童行为视频涉及未成年人高度敏感隐私,使用前需取得监护人明确知情同意,妥善加密保管;建议优先采用人体骨架/轮廓模式 |
| 🚫 脚本限制 | 禁止临时生成脚本,只能用技能本身的脚本 |
| 🌐 网络地址 | 传入的网络地址参数,不需要下载本地,默认地址都是公网地址,api 服务会自动下载 |
Confidence
72% confidence
Finding

YARA rule 'agent_skill_mcp_tool_poisoning_metadata': MCP/tool metadata poisoning indicators in tool schemas or skill manifests [agent_skills]

High
Category
YARA Match
Content
---
name: "smyx-autism-stereotyped-behavior-detect-analysis"
description: "Using a fixed camera in rehabilitation centers or homes, the system analyzes children's behavior videos with pose estimation and temporal action detection to recognize repetitive stereotyped behaviors, including spinning (body rotation ≥ 360°), hand flapping (non-functional repetitive arm movement), body rocking (rhythmic forward-backward or side-to-side trunk motion), etc. | 通过康复机构或家庭固定摄像头,分析儿童行为视频,利用姿态估计和时序动作检测技术识别重复性刻板动作,包括转圈(身体旋转360°以上)、摆手(手臂非功能性重复摆动)、摇晃(躯干前后或左右有节律摆动)等。该技能可辅助康复师和家长客观记录行为变化,评估干预效果。"
version: "1.0.4"
license: "MIT-0"
---
Confidence
84% confidence
Finding
description:; ‍

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.install_untrusted_source

Install source points to URL shortener or raw IP.

Warn
Code
suspicious.install_untrusted_source
Location
skills/smyx_common/scripts/config-dev.yaml:2