Arrhythmia Early Warning Analysis Tool | 心律失常早期预警分析工具

Security checks across malware telemetry and agentic risk

Overview

This health-video analysis skill has a plausible core purpose, but it handles sensitive facial/health data, identifiers, remote accounts, and stored tokens with too much ambiguity for automatic approval.

Install only if you are comfortable sending facial video or video URLs to the LifeEmergence/SMYX remote service, linking reports to an open-id that may be a username or phone number, and allowing the skill to create local account/token storage. Prefer a pseudonymous identifier, avoid using real phone numbers where possible, and review/delete any bundled config secrets before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (26)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
            if filters:
                for key, value in filters.items():
                    query = query.filter(getattr(self.__model__, key) == value)

            if offset:
                query = query.offset(offset)
Confidence
77% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
            if filters:
                for key, value in filters.items():
                    query = query.filter(getattr(self.__model__, key) == value)

            return query.scalar()
        finally:
Confidence
76% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill describes capabilities including shell execution, network access, local file reads/writes, and environment/config access, but does not declare permissions or constrain them. In a medical-analysis skill handling videos and user identifiers, this creates an avoidable trust gap and increases the chance of unintended data access or exfiltration through hidden or overly broad behavior.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The skill instructs the agent to obtain an open-id from local config files or, failing that, from user identifiers such as username or phone number, even though arrhythmia screening only requires video input and a legitimate session identifier. This mixes secrets and personal data, risks unauthorized reuse of stored credentials, and expands collection of sensitive identifiers beyond what is necessary for the stated function.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The documentation tells the agent to read an api-key from config and use it as open-id, while elsewhere treating --api-key and --open-id as separate parameters. This confusion can cause credential misuse, leaking or replaying authentication secrets as user identifiers, and may result in reports being queried or stored under the wrong identity.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The skill claims to perform arrhythmia analysis from facial video, but this file also exposes generic record-management operations such as list, add, edit, page, and delete. That creates unnecessary capability beyond the declared purpose and can enable unauthorized data manipulation or broader backend interaction if the skill is granted access in a trusted environment.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The code injects a petType parameter into requests even though the skill is described as a human heart-arrhythmia early warning tool. This mismatch strongly suggests code reuse or hidden cross-domain behavior, which increases the risk of sending data to an unintended model path, misclassifying medical inputs, or violating user expectations about how sensitive health data is processed.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The documented API endpoint and response schema do not match the declared skill purpose of arrhythmia early warning from facial video. Instead, the API returns generic 'constitution' and organ-condition outputs, which strongly suggests capability misrepresentation or unsafe medical-domain substitution; users could rely on irrelevant or misleading health results as if they were rhythm-analysis findings.

Context-Inappropriate Capability

Medium
Confidence
84% confidence
Finding
The skill is described as early-warning arrhythmia analysis from facial video, but this file also exposes a remote deletion capability keyed by cameraSn with no visible business justification in the disclosed purpose. In a health-related context, unnecessary deletion functions increase the risk of destructive actions against analysis records or device-linked data, which could impair availability, auditability, or patient-safety workflows if invoked improperly.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill accepts arbitrary HTTP/HTTPS URLs and forwards them to the backend analysis service without restricting domain, content type, or tying the behavior to the declared local facial-video use case. This can enable misuse of the skill as a generic remote-content fetch/processing proxy and may cause unexpected access to third-party or internal resources depending on how the downstream service handles URLs.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The skill exposes a report-listing function that enumerates prior analysis records, which expands capability beyond single-video arrhythmia analysis into data retrieval. In a health context, listing historical reports can expose sensitive medical metadata or results across sessions or users if access control is weak elsewhere in the stack.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The script exposes a history-listing function keyed only by a supplied `open_id`, which goes beyond the stated purpose of single-video arrhythmia analysis and introduces access to prior analysis records. In a health-related context, this can expose sensitive medical-adjacent data if identifiers are guessed, reused, or provided without proper authorization checks in downstream services.

Description-Behavior Mismatch

High
Confidence
91% confidence
Finding
This file exposes broad generic HTTP and CRUD helpers, including arbitrary URL posting, listing, editing, deletion, and download-URL retrieval, which are not clearly required for a facial-video arrhythmia analysis skill. In a medical-analysis context, this capability expansion is dangerous because it can be used as a hidden proxy to access unrelated backend services, manipulate remote data, or exfiltrate sensitive information under the guise of the skill.

Context-Inappropriate Capability

Medium
Confidence
85% confidence
Finding
The ability to look up users by username is unrelated to arrhythmia detection from facial video and introduces unnecessary identity-access functionality. In a health-related skill, this increases risk of user enumeration, privacy violations, or lateral access to account-linked medical data if the helper is reachable by other parts of the skill.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
This file defines a generic user/account persistence layer, including identity and token fields, which is not clearly aligned with a skill advertised for arrhythmia analysis from facial video. In a medical-context skill, collecting and storing unrelated account data increases privacy risk, expands attack surface, and suggests unnecessary data handling beyond the declared purpose.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The User model stores authentication tokens together with personal identity data such as username, realname, email, birthday, sex, and age, without any visible safeguards such as encryption, minimization, retention control, or purpose limitation. In a health-related skill context, this creates elevated privacy and credential compromise risk if the local SQLite database is accessed or exfiltrated.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
This utility code automatically performs account creation/login against a remote health service, obtains tokens, and persists them locally through DAO operations. That behavior is unrelated to the stated arrhythmia-analysis purpose and silently binds skill execution to external account state, creating risk of unauthorized account provisioning, token misuse, and covert data linkage.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The utility exposes generic POST, PUT, and DELETE wrappers for arbitrary URLs, enabling remote state-changing operations far beyond a read-only facial-video analysis workflow. In the context of this skill, such broad mutation capability is unjustified and increases the chance of hidden side effects, abuse of authenticated sessions, or use as a proxy for unrelated actions.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The history-report trigger phrases are broad enough to invoke report-listing behavior automatically based on ambiguous user language. In a health context, this can surface prior medical-style reports without clear user intent, increasing the risk of privacy violations and accidental disclosure of sensitive historical data.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill says uploaded attachments or videos are automatically saved locally, but does not present a clear user-facing warning, retention policy, or storage limitation. Because facial videos are highly sensitive biometric/health-related data, silent local persistence materially raises the risk of privacy loss, unintended reuse, or later compromise of stored files.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to ask for a username or phone number as open-id for report storage/querying without a clear privacy warning or data minimization rationale. In a health-screening workflow, collecting direct identifiers alongside cardiac-risk reports can link medical inferences to real identities and increase harm from misuse or breach.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation instructs clients to upload facial videos or provide public video URLs to a remote endpoint, but it gives no warning about transmitting sensitive biometric and health-related data off-device. In a medical/health context this is especially risky because users may unknowingly expose highly sensitive personal data without informed consent or understanding of retention, sharing, or security practices.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The code uploads either full local file contents or a remote video URL to an external analysis service without any user-facing disclosure, consent flow, or visible privacy notice in this skill. Because the data is health-related facial video, undisclosed transmission materially increases privacy and compliance risk.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The CLI accepts a remote video URL and forwards it into analysis without clearly informing users that the URL and associated content may be sent to an external service. For a medical-analysis skill handling potentially sensitive biometric/health data, lack of explicit disclosure undermines informed consent and can lead to unintended data sharing.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script requires `--open-id` for analysis and listing operations but does not disclose that this identifier is tied to remote operations and likely linked to analysis history. In a health-oriented skill, collecting and transmitting a personal identifier without clear notice increases privacy risk and the chance of correlating sensitive outputs to a real user.

VirusTotal

64/64 vendors flagged this skill as clean.
