ClawHub

Child Bedtime Soothing (Fear of Dark / Post-Nightmare) | 儿童睡前情绪安抚(怕黑/噩梦后)

Security checks across malware telemetry and agentic risk

Overview

This skill handles child bedroom audio/video but has broad cloud upload, identity, credential, and persistence behavior that is not tightly scoped or disclosed enough for such sensitive data.

Review carefully before installing. This skill may upload sensitive recordings of a child’s bedroom to cloud services, create or reuse account identifiers, store tokens locally, and keep/query historical reports. Install only if you can verify the backend, consent model, retention/deletion controls, dependency list, and that analysis is restricted to approved devices and bedtime-soothing outputs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (26)

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The documentation expands the skill from real-time soothing into cloud-backed history retrieval and next-morning reporting, increasing collection, retention, and disclosure of child monitoring data beyond the stated purpose. Functionality creep is risky here because the monitored environment is a child's bedroom, making even secondary reporting highly privacy-sensitive.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill instructs reading configuration files to extract an API key or open-id and reuse it for cloud API operations, which is credential handling unrelated to simple local soothing logic. This is dangerous because it encourages harvesting secrets from local files and can expose user identity, backend access, or cross-skill credentials if the files are broader than intended.

Description-Behavior Mismatch

High
Confidence
94% confidence
Finding
The analysis() method injects a petType parameter into requests for a child-bedroom soothing skill, and the inline logic/comment indicates code reuse from an unrelated pet domain. In a system handling children's bedroom audio/video, undeclared cross-domain parameters are a strong sign of misrouting or backend confusion, which can cause incorrect model selection, improper data handling, or transmission of sensitive child-monitoring data to the wrong analysis pipeline.

Intent-Code Divergence

High
Confidence
91% confidence
Finding
The inline comment explicitly documents pet-related behavior inside a child-bedtime monitoring skill, reinforcing that the code may have been copied from another domain without proper adaptation. In this context, where the system processes highly sensitive children's bedroom camera and microphone data, such a mismatch increases the risk of data being analyzed under the wrong business logic, retained in the wrong dataset, or sent to an unintended service.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The documented API is materially inconsistent with the stated skill purpose: instead of bedtime-soothing detection, it describes a generic remote video-analysis service that returns face detection and constitution/organ-style diagnostic results. In a child-bedroom monitoring context, this mismatch is dangerous because it suggests the skill may transmit intimate night-time video to an unrelated third-party analysis endpoint and process sensitive biometric or quasi-medical inferences outside the user’s expectations.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The response schema includes physiognomy or health-style diagnosis such as overall constitution, organ condition, complexion analysis, and health warnings, which are unrelated to soothing a child at bedtime. For a skill operating on children in bedrooms, generating such inferences from video is especially sensitive and could amount to unauthorized biometric or medical profiling of minors, creating serious privacy, compliance, and misuse risks.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The skill accepts arbitrary HTTP(S) video URLs even though the described functionality is a fixed in-room camera/microphone for child soothing. This expands the trust boundary and can cause the system to ingest unintended third-party, external, or attacker-controlled media, creating privacy, policy, and misuse risk beyond the declared purpose.

Description-Behavior Mismatch

Medium
Confidence
86% confidence
Finding
The implementation exposes a generic video-analysis interface that accepts arbitrary local files and URLs and can list analysis history by a user identifier, which is broader than the declared bedtime-soothing use case. In a child-bedroom monitoring context, this scope expansion increases the risk of misuse for unrelated surveillance or analysis of sensitive recordings without purpose limitation.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
Accepting arbitrary network video URLs allows the tool to analyze content from any reachable source rather than only the fixed in-room monitoring devices described by the skill. In this context, that broad input surface can be abused to process third-party or highly sensitive footage, undermining privacy expectations and enabling function creep.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
This file exposes a generic API client that can POST, GET, PUT, and DELETE to caller-supplied URLs, which is substantially broader than the skill's stated purpose of local child-room monitoring and automatic soothing. In a children's bedroom context involving sensitive audio/video data, unrestricted network primitives increase the risk of unauthorized data exfiltration, hidden remote control paths, or future misuse by other components without clear allowlisting or purpose limitation.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The code performs unrestricted outbound network operations that are not reflected in the manifest, which describes monitoring and soothing behavior but does not disclose broad remote API access. Because the skill processes highly sensitive bedroom microphone and night-vision camera data from children, undisclosed network capability is especially dangerous: it creates a plausible path for covert transmission of intimate data or remote command-and-control beyond user expectations.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The shared configuration reads user identity and chat-platform identifiers from environment variables and stores them in globally accessible class attributes, even though this file's stated bedtime-soothing purpose does not require chat identity handling. In a child-bedroom monitoring context, unnecessary identity ingestion expands the data boundary and can enable unintended tracking, cross-context correlation, or misuse of sensitive identifiers by other code paths.

Context-Inappropriate Capability

High
Confidence
95% confidence
Finding
The file defines a generic user account store with username, email, birthday, token, and open_token fields, which is materially broader than the advertised child bedtime soothing function. In a children's bedroom monitoring context, collecting and persisting account identifiers and authentication tokens expands the data exposure surface and raises serious privacy and misuse concerns if the local database is accessed or repurposed.

Description-Behavior Mismatch

Medium
Confidence
83% confidence
Finding
The DAO initializes a local SQLite database automatically, creates tables, and performs schema mutation during object construction, which goes beyond the manifest's described sensing-and-soothing behavior. In a child-monitoring skill, undisclosed persistence is more sensitive because the system operates autonomously at night in a private bedroom, so silent local state creation can undermine user expectations and privacy transparency.

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
The generic request helper contains hidden account provisioning logic that can automatically register or log in a user via `/sys/phoneLogin` using a username/openId/mobile value unrelated to the bedroom-soothing feature. This creates an unexpected identity side effect and can cause unauthorized account creation, token acquisition, and backend access without explicit user consent or feature-level necessity.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
This utility performs broad outbound API communication, token management, tenant/user propagation, and payment-handling behavior that exceeds the declared purpose of a child bedroom monitoring/soothing skill. In a privacy-sensitive nursery context, such overbroad capability increases the attack surface and makes it easier for unrelated data flows or backend actions to occur under the guise of the skill.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The default trigger condition is broad enough to activate on essentially any uploaded bedroom audio/video, even without clear user intent to invoke this specific monitoring workflow. In a sensitive context involving minors and bedrooms, over-broad triggering can cause accidental analysis and transmission of intimate recordings.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill description does not clearly warn users that children's bedroom audio/video may be monitored and sent to cloud services for analysis and reporting. Missing disclosure is especially dangerous here because the data involves minors in a private sleeping space, creating severe privacy, legal, and trust risks if users do not understand the collection and transmission scope.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The API accepts direct video uploads or public video URLs, but the documentation gives no warning, consent guidance, retention disclosure, or safeguards for transmitting sensitive bedroom footage. In this skill context, the data likely contains a child’s image, voice, sleep behavior, and room environment, so omitting privacy and security guidance materially increases the risk of over-collection, improper sharing, and unsafe deployment.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The code reads local video files into memory or forwards remote video URLs to an external analysis service without any visible user-facing disclosure, consent flow, or minimization controls. In a child-bedroom monitoring context, this is especially sensitive because it involves nighttime audio/video of minors, making silent transmission of intimate recordings a significant privacy and compliance risk.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The code sends video inputs to `skill.get_output_analysis(...)` without any visible notice, consent prompt, or disclosure that local files or remote media may be transmitted to an external analysis service. Because the skill processes bedroom audio/video involving children, lack of explicit transparency and consent materially raises privacy and data-protection risk.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
Accessing sensitive environment variables without clear purpose limitation or disclosure is risky because these identifiers can be propagated into runtime state and reused by unrelated components. In a child-monitoring skill, collecting extra identity metadata beyond what is needed for soothing increases privacy risk and makes any downstream compromise more harmful.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The code creates a file-backed SQLite database under a workspace data directory and runs ALTER TABLE automatically without any user-facing disclosure or consent mechanism. While not an exploit primitive by itself, this silent persistence and schema modification is risky in a privacy-sensitive child bedroom product because it stores data locally in a way users may not expect or manage securely.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The request utility automatically attaches `pnaUserName`, tenant identifiers, app identifiers, and authentication headers (`X-Access-Token`, `X-Api-Key`, `Authorization`) to outbound requests without any visible user disclosure or feature-specific need. In the context of a child bedroom monitoring skill, silent transmission of identity and auth context is especially sensitive because the application operates around minors and intimate home environments.

Ssd 3

Medium
Confidence
90% confidence
Finding
The skill directs retention and retrieval of prior user-associated night monitoring records, enabling disclosure of historical child-bedroom events tied to an identifier. This is dangerous because it creates a persistent surveillance record of a minor's private behavior and increases the blast radius of compromise or unauthorized access.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal