Child Hazardous Behavior Recognition Tool | 儿童危险行为识别分析工具

Security checks across malware telemetry and agentic risk

Overview

This skill has a plausible child-safety purpose, but it handles sensitive child video, identities, API keys, accounts, and report history with unclear boundaries and mismatched backend documentation.

Review before installing. Only use this with videos and identifiers you are allowed to send to the LifeEmergence/SMYX remote services, rotate or remove the bundled API key, avoid using phone numbers or real names as open-id values, and treat generated history/export links as sensitive. The package should be updated to use a purpose-specific child-safety API contract, remove unrelated health/pet docs, add explicit consent and retention terms, and avoid local token storage.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (27)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill documentation clearly directs use of shell commands, local file reads/writes, network access, and environment/workspace paths, yet no permissions are declared. This creates a mismatch between the skill's apparent capabilities and its trust boundary, making it easier for an operator or platform to invoke sensitive actions without transparent consent or review.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The skill instructs reading local configuration files in the skill directory and a shared workspace directory to obtain an 'open-id', even though the business purpose is video hazard recognition. Accessing unrelated local config files can expose secrets or identifiers from other skills/components and expands the attack surface beyond what is necessary for the task.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The document says to read an `api-key` field and use it as `open-id`, conflating an authentication secret with a user identifier. This can cause secret exfiltration to downstream commands or remote APIs, misuse credentials as identity, and blur security boundaries in a way that is especially dangerous if the API key belongs to another component or shared workspace.

Intent-Code Divergence

High
Confidence
95% confidence
Finding
The file documents pet health analysis APIs even though the skill is described as child dangerous behavior recognition. This kind of domain mismatch can cause the agent or integrators to call unrelated endpoints, expose the wrong data domain, or wire the skill to unintended backend capabilities, which is especially risky in a child-safety context where alerts must be accurate and purpose-bound.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The skill exposes a history/listing function for prior analyses keyed by an `open_id`, even though the stated purpose is real-time child-danger recognition. In a child-safety context, historical analysis records can reveal sensitive behavioral, household, or surveillance data, and the code shows no authorization, scope restriction, or consent checks before retrieving them.

Context-Inappropriate Capability

Low
Confidence
80% confidence
Finding
The function generates a direct export URL for analysis details, extending the skill from live detection into report retrieval/export. If the `request_id` is predictable or insufficiently protected server-side, this can enable unintended sharing or access to sensitive child-monitoring reports.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The documented API endpoint and response schema do not match the declared skill purpose of child dangerous-behavior recognition. Instead of returning behavior-risk detections, it returns face-related and health/constitution diagnosis data, indicating either the wrong backend is being invoked or the skill may transmit children's videos to an unrelated biometric/health analysis service. In a child-safety context, this mismatch is especially dangerous because it can cause unauthorized processing of minors' sensitive data while silently failing to deliver the promised safety monitoring.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The implementation accepts arbitrary local files and remote video URLs and forwards them to a generic analysis backend, while the manifest presents a narrowly scoped child-dangerous-behavior recognition skill. This capability mismatch is security-relevant because it broadens what data can be exfiltrated or processed under misleading expectations, increasing the chance of unintended surveillance, privacy violations, or misuse of the skill as a generic media-analysis proxy.

Description-Behavior Mismatch

Low
Confidence
86% confidence
Finding
The skill exposes report listing and export-link generation features that are not described in the manifest's real-time alerting purpose. Undisclosed history and export functionality can reveal prior analyses or enable unintended access/sharing of generated reports, especially if identifiers or access control are weak elsewhere in the stack.

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
The file exposes a history-listing function keyed by `open_id`, while the stated skill purpose is real-time child-dangerous-behavior recognition. If authorization is weak in the backend or callers can supply arbitrary identifiers, this creates a privacy risk by enabling access to prior analysis records or video-derived metadata for other users.

Description-Behavior Mismatch

High
Confidence
93% confidence
Finding
This file implements a generic API client with add, edit, delete, and arbitrary HTTP GET/POST/PUT/DELETE helpers that accept caller-controlled URLs, which materially exceeds the stated child-dangerous-behavior recognition purpose. In a safety-monitoring skill, this broad network surface can be repurposed by other components to reach unrelated services, perform unauthorized actions, or expand the blast radius of any prompt/code injection elsewhere in the skill.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The http_post/http_put/http_get/http_delete methods expose direct remote access to caller-supplied URLs with no visible restriction in this file. In the context of a child-safety recognition skill, arbitrary outbound HTTP is unjustified and increases the risk of SSRF-like access, data exfiltration, unauthorized third-party calls, or use of the skill as a generic network proxy.

Context-Inappropriate Capability

Medium
Confidence
84% confidence
Finding
The get_user_by_username capability is unrelated to recognizing dangerous child behavior and suggests access to identity or directory data outside the declared scope of the skill. Unnecessary user-lookup functionality violates least privilege and can enable privacy exposure, account enumeration, or lateral use of this shared module for unrelated data access.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
This file defines a generic user-account persistence layer, including identity fields and account lookup/update operations, which is unrelated to a child dangerous-behavior recognition skill. In a safety-monitoring context, collecting and managing user accounts expands the attack surface and enables unnecessary retention of personal data without clear functional justification.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The User model stores token and open_token values, which appear to be authentication or API bearer material, despite the skill being described as child-safety behavior recognition. Storing sensitive tokens locally in a generic SQLite database materially increases the risk of credential theft, lateral access, and privacy compromise if the host or database file is exposed.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The utility implements broad remote login/account provisioning and tokenized API access that is not narrowly scoped to the declared child-danger recognition purpose. In a child-safety monitoring skill, this hidden general-purpose backend access expands the data exposure and abuse surface, enabling silent transmission of identifiers, token reuse, and unintended backend actions.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The code silently creates or logs in users against a health backend using mobile/openId-derived identifiers, behavior that is unrelated to child dangerous-behavior recognition. This can expose personal identifiers to a remote service without informed consent and creates accounts/tokens that may later be abused or correlated across services.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger conditions are broad enough to auto-invoke on generic references to child safety, reports, or uploaded video, increasing the chance of unintended execution. In a skill that handles sensitive videos and remote API calls, accidental triggering can lead to unnecessary data processing or disclosure.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill states that uploaded attachments or video files will be automatically saved locally, but it does not provide a clear user-facing warning, retention policy, or access-control explanation. Because the content may depict children in private settings, silent local persistence materially increases privacy and compliance risk.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill sends video URLs/files and an identifier to a cloud API for analysis, but the documentation does not clearly warn users that potentially sensitive child-monitoring footage and metadata are transmitted off-device. Given the subject matter, this creates significant privacy exposure and possible regulatory issues if users are not clearly informed.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The analysis function forwards user-supplied local file references or remote video URLs to an external analysis component without any explicit privacy notice or data-transfer transparency. Because the content concerns children in homes, nurseries, or kindergartens, the transferred media is highly sensitive and may contain regulated personal data.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The CLI requires and propagates sensitive identifiers such as OpenID, user ID, username, or phone number, but gives no warning or safeguards around collection, exposure, or storage. In this context, linking child-safety analysis with personal identifiers materially increases privacy risk and can enable correlation of surveillance data to specific families or individuals.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The API documentation instructs clients to upload MP4 videos or public video URLs and send an API key, but provides no privacy, retention, consent, or data-handling guidance. Because this skill is intended for child supervision in homes and nurseries, the transmitted data likely contains minors and sensitive visual information, making undocumented collection and third-party transfer a meaningful privacy and compliance risk.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The code reads arbitrary local file contents and uploads them to an analysis API, but there is no visible user-facing warning, confirmation step, or consent mechanism in this file. In a child-safety context, uploaded videos may contain highly sensitive footage of minors and household interiors, making silent transmission to a remote service a meaningful privacy and compliance risk.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The script requires an `--open-id` that may contain OpenID, user ID, username, or phone number, all of which are sensitive identifiers, yet there is no visible consent notice, minimization, masking, or privacy disclosure in this client. In a child-safety context involving potentially sensitive video analysis, collecting and transmitting personal identifiers increases privacy and regulatory risk if mishandled.

VirusTotal

64/64 vendors flagged this skill as clean.
