Back to skill

Security audit

Pet Climbing Frame / Cat Tree Activity Heatmap | 宠物爬架/猫树活动热力图

Security checks across malware telemetry and agentic risk

Overview

The skill performs the advertised cloud pet-video analysis, but it also silently manages external identity, account login/registration, and local token storage.

Review this skill before installing. Expect pet videos or video URLs to be sent to lifeemergence.com services, and assume analysis history may be tied to a local or external identity. Install only if you accept silent account/session handling and local token storage, and avoid submitting sensitive household footage unless the publisher provides clearer privacy and retention terms.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • YARA SignaturesMalware Match, Webshell Match, Cryptominer Match
Findings (18)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
if filters:
                for key, value in filters.items():
                    query = query.filter(getattr(self.__model__, key) == value)

            if offset:
                query = query.offset(offset)
Confidence
75% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
if filters:
                for key, value in filters.items():
                    query = query.filter(getattr(self.__model__, key) == value)

            return query.scalar()
        finally:
Confidence
75% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill advertises and instructs use of shell execution, local file handling, network access, environment-backed identity handling, and file output, yet declares no permissions. This creates a transparency and governance gap: users and hosting platforms cannot accurately assess what capabilities the skill will exercise before it runs.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The script initializes an internal user identity via a hidden --open-id parameter and exposes a --list mode that retrieves prior analysis records by open_id, even though the stated purpose is only to analyze a provided pet video. Because this identity handling is suppressed from help output and not clearly disclosed, it creates an authorization and privacy risk: a caller or integrator could enumerate or access another user's analysis history if upstream controls are weak or absent.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
This module exposes broad generic HTTP/CRUD helpers (`add`, `edit`, `delete`, `http_get`, `http_post`, `http_put`, `http_delete`) that are not constrained to the stated pet heatmap-analysis use case. In a skill that may process user-supplied video URLs and invoke server-side APIs, such unrestricted request primitives expand the attack surface and can enable unintended internal/external API access, misuse of privileged service credentials, or repurposing of the skill for unrelated operations.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
This file defines persistent user-account storage and mutation logic, including identity fields and update flows, which is unrelated to a pet climbing-frame heatmap analysis skill. That scope mismatch increases the chance of unnecessary collection and retention of personal data and creates an avoidable attack surface if the skill or shared library is exposed to user-driven actions.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The User model stores token and open_token values in a local SQLite database even though the skill's declared function is pet activity analytics. Storing authentication-like secrets unnecessarily expands compromise impact: local file access, backup leakage, or cross-skill database sharing could expose credentials or bearer tokens that enable account access.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
This utility provisions, resolves, caches, and persists user identities and tokens in shared local state even though the declared skill purpose is pet video heatmap analysis. That creates unnecessary identity coupling and credential handling, increasing the risk of account misuse, cross-skill tracking, and unauthorized API actions if the workspace or database is accessed by other components.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The HTTP helper can silently register or log in a user against an external health service via /sys/phoneLogin when tokens are absent, without clear user disclosure or need for cat activity analysis. In the context of this skill, this is especially dangerous because it expands from media analysis into opaque account creation and external identity linkage, enabling data transmission and actions unrelated to the advertised functionality.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill repeatedly states that local videos or remote URLs are sent to server-side APIs, but it does not present a clear user-facing warning about third-party/cloud processing, retention, and history-query behavior. Users may unknowingly submit sensitive household footage or internal URLs to external services, creating privacy and data-handling risks.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The workflow says uploaded attachments are automatically saved as local files, but it does not clearly warn users that their media will be written to disk. Local persistence of videos can expose private footage to other processes, backups, or later unintended reuse if storage location and lifecycle are not controlled.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The code calls OpenIdUtil.resolve_current_open_id(args.open_id, use_current=bool(args.open_id)) while intentionally hiding --open-id from the help text. Hidden identity resolution is dangerous because it introduces undisclosed user-context switching or impersonation behavior that operators may not notice, increasing the chance of unauthorized data access or cross-user operations.

Missing User Warnings

Medium
Confidence
79% confidence
Finding
The skill supports analyzing a network video URL and passes the input into downstream analysis logic that, per the skill description, calls server-side APIs. That means user-supplied video content or URLs may be transmitted to remote services without explicit runtime disclosure or consent in the CLI flow, creating privacy and data-handling concerns, especially for camera footage from homes.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The code reads the entire local video file into memory and uploads it to a server-side analysis API, but this file contains no visible consent prompt, disclosure, or user-facing notice at the upload point. Because pet monitoring videos may capture people, homes, or other sensitive environmental details, silent transmission creates a real privacy and compliance risk even if the feature is functionally intended.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The `delete` method performs an HTTP POST-based destructive operation with no guardrails, confirmation semantics, or indication of what resources may be deleted. When combined with the generic API wrapper design, this makes it easier for other code paths to trigger state-changing or destructive backend actions without clear safety boundaries, especially if request targets or payloads can be influenced indirectly.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The code reads a sensitive workspace credential/identity file (data/smyx-api-key.txt) and uses its contents as an internal identity source without disclosure to the user. In a pet-video analysis skill, silently consuming local credential material is unjustified and increases the risk of covert account binding, unintended impersonation, and reuse of secrets across unrelated operations.

External Transmission

Medium
Category
Data Exfiltration
Content
"source": ConstantEnum.DEFAULT__SKILL_HUB_NAME
            }
            try:
                _response = requests.post(_url, json=_data)
                if _response.status_code == 200:
                    _response_json = _response.json()
                    if _response_json and _response_json.get("success"):
Confidence
97% confidence
Finding
requests.post(_url, json=

YARA rule 'agent_skill_mcp_tool_poisoning_metadata': MCP/tool metadata poisoning indicators in tool schemas or skill manifests [agent_skills]

High
Category
YARA Match
Content
---
name: "smyx-pet-climbing-frame-heatmap-analysis"
description: "Triggers when a user provides a cat climbing frame / cat tree area video URL or file for analysis; supports local video uploads or network URLs to call server-side APIs for multi-region activity recognition, analyzing dwell time on each layer, jump/transition counts, and generating a 2D activity heatmap to evaluate exercise volume and mental wellbeing (without diagnosing diseases). Application scenarios: cat climbing frame + camera, pet behavior monitoring, cat health management. Development reason: quantify cat activity distribution and enrichment usage. | 当用户提供猫爬架/猫树区域的视频URL或文件时,触发本技能进行活动热力图分析;支持通过上传本地视频或网络视频URL,调用服务端API进行多区域活动识别,分析各层停留时长、跳跃/转移次数,生成2D活动热力图,用于评估运动量与心理健康(不诊断疾病)。应用场景:猫爬架+摄像头、宠物行为监测、猫咪健康管理。"
version: "1.0.3"
license: "MIT-0"
---
Confidence
74% confidence
Finding
description:; ‍

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.install_untrusted_source

Install source points to URL shortener or raw IP.

Warn
Code
suspicious.install_untrusted_source
Location
skills/smyx_common/scripts/config-dev.yaml:2