Back to skill

Security audit

Elderly Sleep Nightmare / Startle Detection | 老年人睡眠中间惊醒/梦魇行为识别

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly aligned with sleep-video analysis, but it sends sensitive bedroom media to cloud services and silently manages account identity and tokens.

Review carefully before installing. This skill may upload bedroom video/audio or a provided video URL to external Life Emergence/Open API services, associate reports with an internal user identity, create or reuse a local user record, store access tokens in a local SQLite database, and retrieve cloud history reports. Use it only with explicit consent from the recorded person and with confidence in the provider's data handling and retention practices.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (25)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill advertises no declared permissions, yet the documentation clearly instructs use of shell execution, local file handling, network access, and likely environment/config usage. This creates a transparency and governance gap: a reviewer or runtime policy may under-estimate what the skill can do, especially given the sensitive bedroom video and audio data involved.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The documented scope expands from sleep-event detection into cloud history-report retrieval and report-link output, which is materially different from the manifest description. That mismatch can cause users and orchestrators to invoke a skill expecting local analysis while it also performs remote data retrieval tied to prior reports.

Description-Behavior Mismatch

Medium
Confidence
84% confidence
Finding
The skill extends outputs beyond simple detection and recording into behavior-pattern inference and risk grading. In a health-related context, this raises the sensitivity and consequence of outputs because users may treat inferred patterns or risk levels as quasi-clinical conclusions despite the later disclaimer against diagnosis.

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
Automatic internal identity association and creation of a default local user are unrelated to the narrow task of analyzing a provided sleep video, and they introduce silent account linkage for highly sensitive health-adjacent bedroom surveillance data. If misused or misconfigured, reports could be attached to the wrong person, enabling privacy breaches, cross-user data exposure, or unauthorized persistence.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The skill requires cloud API usage and remote historical-report lookup even though the manifest frames the capability as focused event analysis. This unjustified expansion increases data exposure and creates an unexpected remote dependency for a workflow involving intimate audio/video from a bedroom.

Intent-Code Divergence

Medium
Confidence
80% confidence
Finding
The documentation mixes event detection with diagnostic-style behavior patterning and early disease-warning language while also disclaiming medical diagnosis. This inconsistency can mislead users into over-trusting the output and can drive inappropriate health decisions based on an unvalidated consumer surveillance workflow.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The skill accepts arbitrary HTTP/HTTPS video URLs and forwards them to the analysis backend, even though the described use case is fixed-camera bedroom monitoring. This expands the trust boundary and can enable analysis of unintended third-party content, SSRF-like backend fetch risks depending on the downstream service, and privacy/compliance issues because the source of the video is not constrained.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The CLI accepts arbitrary remote URLs even though the stated skill purpose is fixed-camera bedroom sleep analysis. This expands the data ingestion surface beyond the declared scope and can enable misuse such as analyzing unrelated third-party content or causing backend retrieval of attacker-controlled URLs, especially if the downstream service fetches them server-side.

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
The script binds operations to an OpenID-based identity context without clearly tying that identity use to the user-facing purpose of local sleep-video analysis. In a medical-adjacent elderly monitoring context, identity-linked video analysis history can expose sensitive behavioral data if users are not clearly informed or if identity scoping is broader than necessary.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
This shared config code ingests runtime identity values from environment variables and stores them into global class state, even though the stated skill purpose is local elderly sleep-event analysis from camera/audio input. That creates an unnecessary pathway for collecting or propagating user identifiers across the skill runtime, increasing privacy risk and enabling unintended identity coupling if downstream code logs, transmits, or reuses these values.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The file implements a reusable user-account DAO, including account lookup and update behavior, even though the declared skill purpose is narrow elderly sleep-event analysis from camera and microphone data. This functionality expands the data-handling surface beyond stated need, increasing privacy, misuse, and unintended retention risks in a highly sensitive health-monitoring context.

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
The User model stores direct identifiers and authentication artifacts including username, realname, email, token, and open_token without any justification from the skill's stated function of detecting nightmare-like nighttime events. In a bedroom-monitoring elderly-care setting, collecting and storing excess identity and token data materially increases privacy and account-compromise impact if the local database is exposed.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
This utility performs broad outbound HTTP requests, token handling, and remote account bootstrap logic that materially exceeds the stated purpose of local elderly sleep-event analysis. In the context of a bedroom camera and microphone skill, undisclosed network transmission and backend coupling create a significant privacy and supply-chain risk because sensitive identifiers and potentially derived monitoring metadata can be sent to external services unrelated to the manifest.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The code reads identity material from the workspace and creates or persists user identities even though the skill is described as sleep-behavior detection from bedroom audio/video. That mismatch is dangerous because it silently binds a highly sensitive monitoring workflow to account state, enabling hidden identity tracking, cross-skill linkage, and unauthorized use of local identity artifacts.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The helper auto-registers or logs in a remote user through /sys/phoneLogin with silent and register flags, which is unrelated to detecting nightmares or arm-thrashing events. Silent remote identity creation is especially risky in this context because it can occur without informed consent while processing intimate in-home monitoring data, enabling covert account generation and backend correlation of user activity.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The history-report trigger phrases are broad enough that ordinary user requests about reports or sleep monitoring could automatically invoke cloud history retrieval. In this context, unintended retrieval is especially risky because it may surface sensitive historical bedroom-monitoring data without sufficiently explicit user intent.

Missing User Warnings

High
Confidence
97% confidence
Finding
The documentation does not clearly warn that uploaded files or provided URLs may be sent to a cloud/API service for analysis. Because the content is highly sensitive bedroom video and audio of an elderly person, this omission undermines informed consent and can lead to privacy, compliance, and trust failures.

Missing User Warnings

Medium
Confidence
80% confidence
Finding
This skill processes highly sensitive bedroom audio/video of elderly people, including night-vision and microphone data, but presents no explicit privacy warning, consent notice, or local/remote data-handling disclosure before analysis. In this context, users may unknowingly submit intimate surveillance footage containing health and behavioral information, creating material privacy and compliance risk.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The URL-based path allows analysis of remote bedroom surveillance media without warning users that fetching or analyzing the URL may transmit highly sensitive elderly sleep audio/video to external services or backends. Because the skill context involves intimate health-adjacent monitoring in a private bedroom, the absence of disclosure materially increases the risk of unintended third-party exposure and regulatory/privacy violations.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill sends either a user-supplied remote video URL or raw local video file contents to an external analysis service without any visible user-facing notice, consent flow, or data-handling explanation in this file. Because the content is bedroom sleep footage with audio from elderly individuals, the privacy sensitivity is high and undisclosed transmission materially increases compliance and confidentiality risk.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script sends video inputs for analysis via an external skill/API path without any explicit warning, consent prompt, or clear disclosure that sensitive bedroom video and audio may leave the local environment. Because this skill processes elderly nighttime footage and screams/audio, the privacy sensitivity is unusually high and undisclosed transmission can create serious confidentiality and compliance risks.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
Accessing environment variables for user identifiers and app-related identifiers without clear disclosure or strict necessity is a genuine privacy-sensitive issue, especially in a monitoring skill handling elderly bedroom video and audio. In this context, hidden identity ingestion increases the risk of covert tracking, correlation of sensitive health-adjacent observations with individuals, and unexpected downstream exposure.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The request path can attach usernames, open IDs, access tokens, API keys, and authorization headers to outbound requests without any user-facing disclosure in this code. For a bedroom surveillance-style health monitoring skill, silent transmission of identifiers and auth material increases privacy risk and could expose account linkage or session secrets to unintended services, logs, or operators.

Missing User Warnings

Low
Confidence
90% confidence
Finding
Reading an internal identity value from a workspace file without nearby warning or consent is a privacy and transparency issue, especially because the skill's stated role is sensor analysis rather than identity handling. While lower impact than the network flows, it still creates hidden identity coupling and can feed subsequent remote authentication or tracking behavior.

External Transmission

Medium
Category
Data Exfiltration
Content
"source": ConstantEnum.DEFAULT__SKILL_HUB_NAME
            }
            try:
                _response = requests.post(_url, json=_data)
                if _response.status_code == 200:
                    _response_json = _response.json()
                    if _response_json and _response_json.get("success"):
Confidence
97% confidence
Finding
requests.post(_url, json=

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

Detected: suspicious.install_untrusted_source

Install source points to URL shortener or raw IP.

Warn
Code
suspicious.install_untrusted_source
Location
skills/smyx_common/scripts/config-dev.yaml:2