Back to skill

Security audit

Child Separation Anxiety Detection (Pre-School Crying) | 儿童分离焦虑识别(上学前哭闹)

Security checks across malware telemetry and agentic risk

Overview

The skill’s core video-analysis purpose is coherent, but it handles sensitive child videos while silently using/creating account identity, querying cloud history, and storing tokens locally.

Install only if you are comfortable sending child and parent video or video URLs to the configured remote service and with the skill creating or reusing a local account identity. Before using it, confirm guardian/school consent, understand where reports and tokens are stored, and avoid invoking history-report queries unless you intend to access cloud-stored records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (28)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
if filters:
                for key, value in filters.items():
                    query = query.filter(getattr(self.__model__, key) == value)

            if offset:
                query = query.offset(offset)
Confidence
70% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
if filters:
                for key, value in filters.items():
                    query = query.filter(getattr(self.__model__, key) == value)

            return query.scalar()
        finally:
Confidence
70% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill advertises substantial capabilities—shell execution, file read/write, environment access, and network use—without declaring permissions or clearly constraining them. In a skill that processes highly sensitive child video data, this gap prevents meaningful review of what data may be stored, transmitted, or accessed during execution.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The skill extends beyond local visual analysis into cloud history retrieval and persistent report access, which materially broadens data handling and privacy exposure. Because the subject matter involves minors and emotional-state inference, centralizing historical reports increases the risk of profiling, unauthorized access, and secondary use beyond the user's immediate request.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
Automatically reusing or creating a local default user identity introduces hidden account linkage and persistent tracking without clear user awareness or consent. For child behavioral reports, silent identity association can cause cross-session data mixing, incorrect attribution, and long-term storage of sensitive records tied to an internal profile.

Intent-Code Divergence

Medium
Confidence
78% confidence
Finding
The documented AI role says the skill should only provide visual behavior analysis and friendly reminders, but other sections require cloud queries and report-link retrieval. This mismatch obscures the true data flows and can mislead users and reviewers about the operational scope, especially where sensitive child data may leave the local context.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The skill advertises single-video child-separation-anxiety analysis, but the CLI also exposes a hidden list-retrieval path via `--list` plus implicit user identity resolution. This creates undisclosed access to per-user historical analysis data, increasing privacy risk and expanding functionality beyond the stated purpose.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The skill accepts arbitrary http/https video URLs even though the manifest describes analysis of fixed-camera local videos. Passing user-controlled URLs to a backend analysis service can expand the trust boundary and may enable server-side fetching of untrusted resources, privacy violations, or ingestion of unexpected remote content. In a child-video analysis context, this is more sensitive because the input concerns minors and home/kindergarten environments.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The script presents itself as a direct local/remote video analyzer, but actually forwards requests to backend service methods and includes an unrelated record-listing path. This creates a capability mismatch and weakens user trust boundaries: a caller expecting single-file analysis may unknowingly trigger backend processing tied to account state or service-side data access.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The code resolves a user open_id and can retrieve prior analysis history, which exceeds the stated function of analyzing a provided child-separation-anxiety video. In a skill processing sensitive videos of children, account-linked history access materially increases privacy risk, enabling unauthorized enumeration or disclosure of prior analysis records if identity binding or authorization is weak.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
This file exposes generic add/edit/delete/list and raw HTTP verb helpers that can talk to arbitrary URLs, which is materially broader than the declared purpose of analyzing child separation-anxiety from video. In a skill handling sensitive child-related data, this overbroad network capability increases the attack surface for unintended data exfiltration, unauthorized remote actions, or repurposing the skill as a generic proxy/client if higher-level inputs are not tightly constrained.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The get_user_by_username capability is unrelated to the stated function of child emotion/video analysis and introduces access to account-lookup behavior inside a skill that processes sensitive child-context data. Even if intended for convenience, unrelated identity lookup expands privilege and can enable user enumeration or misuse of account data if exposed through the skill path.

Description-Behavior Mismatch

Medium
Confidence
86% confidence
Finding
This file provides broad persistent CRUD support for local user/account records, including creation, update, deletion, and lookup logic, which is materially unrelated to the manifest's child video-analysis function. In a privacy-sensitive skill involving preschool children, unexplained account storage increases the risk of silent data accumulation, function creep, and misuse of personal data.

Context-Inappropriate Capability

High
Confidence
92% confidence
Finding
The User model stores authentication-style token fields alongside personal identifiers such as username, real name, email, birthday, sex, and age, none of which are necessary for separation-anxiety video scoring. Combining child-adjacent analytics with unrelated identity and token storage creates a high privacy and account-compromise risk if the local database is accessed, copied, or reused by other components.

Context-Inappropriate Capability

Medium
Confidence
81% confidence
Finding
The code automatically alters a shared SQLite schema on initialization, adding user-related columns to sys_user regardless of whether the skill's core function requires them. Automatic schema mutation in a shared local database can unexpectedly expand stored personal data and affect other components, increasing integrity and privacy risk.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
This shared utility layer performs identity resolution, token loading, account lookup, auto-login/registration, and authenticated remote requests even though the declared skill is only for child separation-anxiety video analysis. That mismatch is dangerous because a caller invoking innocuous analysis functionality may silently trigger broader account and network behaviors, expanding data exposure and creating hidden side effects outside user expectations.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The code can generate default open IDs, query local user records, and create persistent user identities when none were supplied. Auto-creating identities unrelated to the stated function is risky because it can establish long-lived accounts and attribution artifacts without informed user action, and may be abused to enroll users into backend systems unexpectedly.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The skill reads an internal identity value from workspace state and later propagates it into global current-user variables, coupling this skill to workspace-wide identity and token context. In a child-video analysis skill, this hidden reuse of ambient identity is especially concerning because it enables cross-skill tracking and unintended authentication under another context without clear disclosure.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The trigger phrases for history-report access are broad enough that ordinary requests about reports may automatically invoke cloud retrieval without clear confirmation. In this context, that can cause unintended disclosure or access to sensitive historical child behavioral data when the user may only be asking generally about prior results.

Missing User Warnings

High
Confidence
95% confidence
Finding
The skill states that uploaded files are automatically saved locally, but does not provide an explicit warning or storage policy for extremely sensitive child and parent video data. Local persistence of minors' facial and behavioral footage increases the risk of unauthorized access, accidental retention, and misuse if the host environment is shared or insecure.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill describes automatic cloud history queries without a clear user-facing disclosure that sensitive report data will be fetched from a remote API. Hidden remote access is especially risky here because the queried content concerns minors' emotional and behavioral history, which users may reasonably expect to remain local unless explicitly told otherwise.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The document describes APIs for starting analysis, querying historical child separation-anxiety events, and exporting full reports, but it does not document any privacy safeguards, consent requirements, retention limits, access controls, or restrictions on handling children's highly sensitive behavioral data. Because this skill processes minors' emotional and behavioral observations in home and school settings, missing privacy and user-warning guidance materially increases the risk of unauthorized collection, disclosure, over-retention, and misuse of sensitive child data.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The code initializes internal user identity through `OpenIdUtil.resolve_current_open_id` without clear user-facing disclosure, and combines that with list retrieval of analysis results. In a child-behavior monitoring context, silent identity binding is especially sensitive because it can link and expose private behavioral records without informed consent or transparent authentication flow.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The code uploads the full local video file contents or forwards a user-supplied video URL to an external analysis service without any visible notice, consent prompt, or privacy gating in this code path. Because the skill processes videos of pre-school children at home or school entrances, silent transmission of this data materially increases privacy, compliance, and data-handling risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Reading an identity value from data/smyx-api-key.txt without user-facing warning creates covert use of workspace credentials or identifiers. This is dangerous because users invoking a simple analysis skill may unknowingly have local identity material consumed for backend actions, defeating transparency and informed consent.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.install_untrusted_source

Install source points to URL shortener or raw IP.

Warn
Code
suspicious.install_untrusted_source
Location
skills/smyx_common/scripts/config-dev.yaml:2