Autism Stereotyped Behavior Detection (Spinning / Hand-Flapping) | 自闭症儿童刻板行为识别(转圈/摆手)

Security checks across malware telemetry and agentic risk

Overview

The skill has a plausible child-behavior video analysis purpose, but it asks for and handles sensitive videos, identifiers, credentials, cloud records, and local tokens in ways that are broader and less clearly controlled than users would expect.

Review carefully before installing. Only use this with explicit guardian consent, non-sensitive test media first, and a dedicated open-id that is not an API key, phone number, or reusable credential. Avoid installing until the publisher removes api-key-as-open-id handling, documents the exact cloud endpoints/data retention, secures token storage, narrows triggers, removes unrelated camera CRUD/payment flows, and fixes the invalid dependency.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (22)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
            if filters:
                for key, value in filters.items():
                    query = query.filter(getattr(self.__model__, key) == value)

            if offset:
                query = query.offset(offset)
Confidence
80% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
            if filters:
                for key, value in filters.items():
                    query = query.filter(getattr(self.__model__, key) == value)

            return query.scalar()
        finally:
Confidence
80% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The skill expands from video analysis into cloud retrieval of historical reports and direct rendering of remote report URLs. For a pediatric health-adjacent workflow, this creates additional access to potentially sensitive records that is not tightly scoped to the immediate user task and increases the chance of over-collection or unauthorized disclosure.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The skill instructs reading workspace configuration files to obtain an 'api-key' and reuse it as a user's 'open-id'. This crosses a clear boundary between machine secrets and user identity data, enabling unintended secret extraction from local files and misuse of privileged configuration values in outbound requests.

Intent-Code Divergence

Medium
Confidence
83% confidence
Finding
The documentation claims the skill only outputs objective visual statistics, yet elsewhere it instructs querying and displaying historical rehabilitation/evaluation records from the cloud. This inconsistency can mislead users and reviewers about actual data access, especially in a child-sensitive medical/behavioral context.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The skill manifest describes video behavior analysis and reporting, but this file exposes full CRUD-style backend operations including add, edit, and delete. That expands the skill's effective authority beyond passive analytics into remote resource management, which creates an unnecessary attack surface and increases the risk of unauthorized modification or deletion of managed entities.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The delete method operates on a camera-scoped identifier (cameraSn), indicating the skill can manage or remove camera-associated resources. In a skill framed as autism behavior detection and reporting, undisclosed camera management capability is especially sensitive because it touches monitoring infrastructure in homes or care settings and could disrupt observation or data collection.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The API documentation is materially inconsistent with the skill's declared purpose. Instead of describing autism stereotyped-behavior detection, it documents a generic video-analysis endpoint that returns face detection and quasi-medical constitution/organ assessments, which suggests either capability misrepresentation or reuse of unrelated medical-analysis infrastructure. In a child-monitoring context, this mismatch is dangerous because integrators may send sensitive pediatric videos to a service performing undisclosed biometric and health inference processing.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The documented response claims to infer health/constitution and organ-condition data from video, which is unrelated to the stated autism behavior-monitoring use case and is not justified by the provided skill context. This creates significant privacy, consent, and safety risk because users may unknowingly expose children to hidden biometric profiling or pseudo-medical inference under the guise of behavioral analysis.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The manifest frames the skill as analyzing fixed-camera/local rehabilitation videos, but the implementation also accepts arbitrary HTTP/HTTPS URLs and forwards them for backend analysis. In a healthcare-adjacent context involving children, this broadens the trust boundary and can enable processing of unvetted third-party content, server-side fetching behavior, and privacy/compliance issues that users would not reasonably expect from the stated functionality.

Context-Inappropriate Capability

Medium
Confidence
84% confidence
Finding
The skill exposes a report-listing function that is outside the narrowly described behavior-detection task and can enumerate prior analysis records, including report identifiers and export URLs. In this pediatric behavioral-health context, that creates unnecessary access to potentially sensitive historical data and increases the risk of cross-user data exposure if authorization is weak elsewhere in the stack.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
This file implements a generic persistent DAO and a user/account table even though the declared skill purpose is autism behavior-video analysis and reporting. That capability mismatch increases the attack surface and creates unnecessary collection and storage of user-related data, which is especially concerning in a health-related context involving children.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The User model stores token and open_token fields despite the manifest describing only behavior recognition and reporting. Retaining account/token material without a clear need broadens the consequences of local compromise and is more dangerous here because the application domain involves sensitive child behavioral/health-adjacent data.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The request utility performs remote phone-login/account creation, fetches tokens, and persists them locally via DAO logic, which is materially broader than a video-analysis/reporting skill's stated purpose. This creates an undisclosed identity, authentication, and data-exfiltration path that could enroll users in backend services and store credentials without explicit consent or clear necessity.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The code injects a payment/recharge workflow when it receives status 402, including instructions to install another payment skill. For an autism behavior-detection skill, this is unrelated functionality and indicates hidden monetization or cross-skill redirection that users would not expect from the declared behavior-analysis scope.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The default trigger activates on broadly described uploaded child-behavior videos, which can cause the skill to run without sufficiently specific user intent. In a workflow involving minors' videos and health-related analysis, overbroad triggering increases the risk of processing sensitive media unexpectedly and transmitting it to a remote service.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill instructs sending videos and identifiers to an external API but does not prominently disclose that transfer in the user-facing description. Because the content involves children and potentially health-related behavioral data, omission of remote-transmission notice materially undermines informed consent and privacy expectations.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The code submits local video files or remote video URLs to an API service without any user-facing disclosure in this file about network transmission, retention, or third-party processing. Because the videos concern children and autism-related behavioral monitoring, silent transmission materially raises privacy, consent, and regulatory risk.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The code invokes network-facing analysis/list functions using a user-supplied open_id without any visible privacy notice, minimization, or consent handling in this entrypoint. In this skill’s context, the identifier is tied to highly sensitive child behavioral/health-related video analysis, so transmitting or associating it with backend operations increases privacy and compliance risk if users are not clearly informed and protected.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The model persists token and open_token values directly into a local SQLite database with no visible encryption, minimization, or access-control safeguards in this file. If the host is compromised, backups leak, or filesystem permissions are weak, these credentials can be stolen and used to access connected services or user accounts.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This utility automatically transmits identifiers such as username/openId/mobile and authentication material such as access tokens to remote services, while also augmenting payloads with platform and tenant metadata. In a sensitive child-behavior monitoring context, undisclosed network transmission and token handling materially increase privacy and account-compromise risk.

Ssd 3

High
Confidence
99% confidence
Finding
The workflow explicitly tells the agent to read local config files and reuse an 'api-key' as the user's 'open-id'. This is dangerous because it normalizes secret harvesting from the filesystem and repurposes credentials as user identifiers, which can leak privileged values, break audit integrity, and enable unauthorized API access under the wrong identity.

VirusTotal

VirusTotal findings are pending for this skill version.
