Back to skill

Security audit

Child Social Interaction Frequency & Duration Analysis | 儿童社交互动频次与时长分析

Security checks across malware telemetry and agentic risk

Overview

This skill is a cloud video-analysis tool for children's social behavior, but it uses sensitive child footage, automatic identity/account handling, history access, and persistent tokens with limited user control.

Review before installing in any setting involving children. Only use it with clear guardian/school consent, confirm that videos and URLs may be processed by a remote service, understand how reports are retained and who can access history, and avoid treating outputs as medical or autism-screening results.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
Findings (24)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
if filters:
                for key, value in filters.items():
                    query = query.filter(getattr(self.__model__, key) == value)

            if offset:
                query = query.offset(offset)
Confidence
75% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
if filters:
                for key, value in filters.items():
                    query = query.filter(getattr(self.__model__, key) == value)

            return query.scalar()
        finally:
Confidence
75% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill instructs the agent to run local Python modules, save uploaded files, query remote APIs, and emit report links, which implies shell, file, and network capabilities despite no declared permissions. This creates a transparency and policy-enforcement gap: reviewers and runtime controls cannot accurately assess or constrain what the skill is allowed to do.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The manifest describes in-session child social-interaction analysis, but the documentation additionally mandates cloud-hosted historical report listing and report-link retrieval. That expands the data surface from single-task analysis into remote account-linked data access, increasing privacy and authorization risk, especially because the data concerns minors.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The documentation adds 'early screening of autism spectrum tendencies' beyond the stated analytics purpose of counting observable interactions. This is a material scope expansion into sensitive health/psychological inference about children, which raises safety, compliance, and misuse risks far beyond ordinary video analytics.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The skill says the AI must not provide psychological or autism diagnosis, yet elsewhere markets the feature as autism early-screening. That contradiction can mislead operators into treating non-diagnostic outputs as health screening signals, which is especially dangerous in a child-monitoring context.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The skill accepts arbitrary http/https video URLs even though the manifest frames the capability as analyzing footage from fixed cameras in kindergartens or early-education centers. Allowing unrestricted remote URLs broadens the data-ingestion surface, can enable analysis of untrusted or out-of-scope content, and may cause the backend service to fetch attacker-controlled resources or process sensitive third-party videos without constraint.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The script exposes a history-listing function that retrieves prior analysis results via `skill.get_output_analysis_list(open_id=open_id)`, which goes beyond the stated purpose of analyzing a provided video. In a child social-interaction analysis context, historical outputs may contain sensitive behavioral records or metadata about children, so exposing list access increases privacy and data-disclosure risk if authorization is weak or misused.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The code accepts a hidden `--open-id` parameter and resolves a current identity before servicing `--list`, enabling access to analysis history based on an opaque user identifier not disclosed in normal help output. Hidden identity-based access is especially dangerous here because the skill processes surveillance-style footage of children; if an attacker can influence or guess identities, they may enumerate or retrieve sensitive historical analysis data without transparent user consent.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
This module reads platform/user identity environment variables such as OPENCLAW_SENDER_OPEN_ID, OPENCLAW_SENDER_USERNAME, and FEISHU_OPEN_ID even though they are not clearly required for core child social-interaction video analysis. In a kindergarten-focused skill, collecting or binding external identity data expands the data surface around children’s monitoring workflows and can enable unintended correlation of surveillance outputs with operator identities or platform accounts.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The utility performs remote account bootstrap/login, token retrieval, and persistent token handling that are unrelated to the declared kindergarten social-interaction video-analysis purpose. This expands the skill's capabilities into identity and account operations, creating undisclosed external data flows and increasing the risk of credential misuse, shadow account creation, or unauthorized backend access.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The code generates synthetic default identities, reads an identity value from a workspace file, and persists fallback users in a local database when no explicit open-id is provided. For a child social-interaction analysis skill, silently creating and reusing identities is unrelated to core function and can enable unapproved account linkage, attribution confusion, and backend actions under fabricated or implicit identities.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The workspace/agent discovery logic enumerates execution context, locates workspace roots, and creates data/skills directories beyond what is needed for video behavior analysis. This broadens filesystem awareness and operational reach, which can facilitate cross-agent data access, persistence, or unintended interference with other workspace contents if combined with other code paths.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The default trigger is broad enough to activate whenever a user provides kindergarten/playground multi-person video for analysis, even if they did not specifically request this sensitive child-social profiling workflow. Over-triggering increases the chance of processing minors' data unexpectedly and invoking cloud/report features without sufficiently specific user intent.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The keyword trigger list includes ambiguous terms such as social interaction, exclusion, developmental ability, and autism early screening without strong contextual constraints. This can cause unintended activation on sensitive educational or health-related conversations and route users into a higher-risk workflow than they asked for.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The document specifies analysis of highly sensitive children's video and inferred social-behavior data, including stable child IDs, interaction pairs, loner candidates, and alert hints, but provides no privacy, consent, retention, access-control, or lawful-basis requirements. In a kindergarten context, this omission is dangerous because operators may deploy the system in ways that enable intrusive profiling of minors, unauthorized surveillance, or stigmatizing labels without safeguards.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script accepts a local file path or remote URL and passes it into the analysis workflow without clearly informing the user whether the content will be uploaded to a remote service. In this skill’s context, the data is video from kindergartens/early-education centers involving children, so undisclosed transmission creates elevated privacy and compliance risk because highly sensitive footage may leave the local environment unexpectedly.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The code reads the entire local file and forwards it to an external analysis service without any user-facing notice in this skill logic. Because the content is video of children in sensitive environments, silent transmission materially increases privacy and compliance risk if users are unaware that local footage leaves the device or local environment.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
When given a remote URL, the skill submits that reference to the analysis service without any user-facing disclosure about the network transfer or downstream retrieval. In the context of child social-interaction analysis, undisclosed external processing of URLs tied to sensitive video sources creates meaningful privacy, governance, and potential third-party data exposure concerns.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The request wrapper automatically attaches user identifiers and auth tokens to outbound HTTP requests without any visible disclosure, consent gate, or per-endpoint minimization. In a skill dealing with children and educational environments, silent transmission of identity and credential material is especially sensitive because operators may not expect account-linked telemetry or external service interactions.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The utility reads data/smyx-api-key.txt and treats its contents as identity data without any visible notice or validation in this file. Pulling identity from ambient workspace state can cause confusing implicit authentication, accidental account binding, and unauthorized use of credentials that an operator did not intend this skill to consume.

External Transmission

Medium
Category
Data Exfiltration
Content
"source": ConstantEnum.DEFAULT__SKILL_HUB_NAME
            }
            try:
                _response = requests.post(_url, json=_data)
                if _response.status_code == 200:
                    _response_json = _response.json()
                    if _response_json and _response_json.get("success"):
Confidence
97% confidence
Finding
requests.post(_url, json=

Hidden Instructions

High
Category
Prompt Injection
Content
| 📚 文档读取 | 仅在需要时读取参考文档,保持上下文简洁 |
| 📁 格式支持 | 输入要求:支持 mp4/avi/mov 视频,最大 10MB;建议固定俯视/广角,覆盖完整活动区域 |
| 🔎 使用提醒 | 距离 1 m 阈值的精度依赖标定信息,若未提供场地标定将采用经验估算,建议同条件下纵向对比趋势 |
| 🧑‍⚖️ 结果性质 | 统计结果仅作为教师/家长教育辅助参考,本工具不替代儿童心理/发育评估;如怀疑孤独症等发育异常请前往专业医疗机构 |
| 🔏 隐私合规 | 隐私合规:幼儿园多人视频涉及未成年人隐私,使用前需取得监护人/园方知情同意,并妥善保管/加密相关录像 |
| 🚫 脚本限制 | 禁止临时生成脚本,只能用技能本身的脚本 |
| 🌐 网络地址 | 传入的网络地址参数,不需要下载本地,默认地址都是公网地址,api 服务会自动下载 |
Confidence
74% confidence
Finding

YARA rule 'agent_skill_mcp_tool_poisoning_metadata': MCP/tool metadata poisoning indicators in tool schemas or skill manifests [agent_skills]

High
Category
YARA Match
Content
---
name: "smyx-child-social-interaction-analysis-analysis"
description: "Using fixed cameras in kindergartens or early-education centers, the system analyzes multi-person video to detect social-interaction behaviors among children, including approach (distance < 1 m), conversation (face-to-face with mouth movement), and cooperative play (collaborative play, chasing, etc.). | 通过幼儿园或早教中心的固定摄像头,分析多人视频,检测儿童之间的社交互动行为,包括接近(距离<1米)、对话(面对面且嘴部运动)、共同游戏(合作玩耍、追逐等)。系统定期生成社交互动热力图,为教师提供参考。"
version: "1.0.5"
license: "MIT-0"
---
Confidence
71% confidence
Finding
description:; ‍

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.install_untrusted_source

Install source points to URL shortener or raw IP.

Warn
Code
suspicious.install_untrusted_source
Location
skills/smyx_common/scripts/config-dev.yaml:2