Child Emotion Recognition Analysis Tool (儿童情绪识别分析工具)

Security checks across malware telemetry and agentic risk

Overview

This skill performs the advertised child media analysis, but it also sends sensitive child footage and user identifiers to remote services while silently creating or using accounts and storing tokens locally without clear disclosure.

Install only after confirming you have consent and authority to process the child-related footage. Treat uploaded media, public URLs, usernames or phone numbers, report history, and locally stored tokens as sensitive data sent to or linked with the configured LifeEmergence/Open API services.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (21)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
if filters:
    for key, value in filters.items():
        query = query.filter(getattr(self.__model__, key) == value)

if offset:
    query = query.offset(offset)
Confidence
84% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
    if filters:
        for key, value in filters.items():
            query = query.filter(getattr(self.__model__, key) == value)

    return query.scalar()
finally:
Confidence
84% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to search local workspace configuration files for an api-key/open-id before asking the user. Reading unrelated local config files to obtain credentials is a secret-harvesting pattern and exceeds what is necessary for ordinary media analysis, creating risk of unauthorized credential use or cross-skill data access.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The documented response schema is materially unrelated to the advertised child-emotion-recognition purpose: it returns face detection plus health, organ, constitution, and complexion diagnosis. This indicates either capability misrepresentation or hidden secondary analysis of children’s surveillance footage, which is especially sensitive because it expands processing into biometric and inferred health domains without justification.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
Inferring health or constitutional status from children’s video in a skill described as emotion recognition is unjustified and highly privacy-invasive. Even if unintended, exposing such outputs encourages collection and downstream use of sensitive biometric and health-like inferences that users would not reasonably expect from this skill.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
This file exposes add, edit, and delete operations for camera records, which goes beyond the manifest’s stated purpose of emotion recognition, soothing reminders, and parent notification. In a child-surveillance context, hidden device-management capabilities increase the risk of unauthorized modification or removal of monitoring configuration and violate least-privilege expectations.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
Camera administration is not evidently necessary for the described child-emotion-recognition use case, yet the code provides full record-management methods. In a daycare/home monitoring setting, unjustified administrative control is more sensitive because it can alter or remove surveillance resources tied to child safety and parental oversight.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The skill accepts arbitrary HTTP/HTTPS URLs and forwards them for analysis without any visible allowlist, domain restriction, or SSRF-oriented validation. In a child-surveillance context, this expands the trust boundary from local caregiver-provided footage to any remote source, enabling covert ingestion of third-party video, privacy violations, and possible abuse of backend fetch behavior.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The file defines a generic `ai_chat(prompt, session_id, timeout)` capability that is unrelated to the declared child-emotion-recognition purpose. This expands the skill's effective behavior from narrow video/emotion analysis into arbitrary LLM/agent interaction, creating unnecessary attack surface and enabling misuse beyond the advertised function.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
Accepting an arbitrary `prompt` for agent execution is unjustified for a surveillance-based child emotion detection skill and allows repurposing the component as a general agent runner. In a sensitive environment such as homes or daycare settings, this mismatch is more dangerous because it may process or expose surveillance-derived context through an unconstrained prompt channel.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The HTTP utility silently performs user lookup, auto-registration/login against an external health API, retrieves tokens, and persists them locally via the DAO layer. That behavior is broader than a child-emotion-recognition skill's stated purpose and creates undisclosed identity, account, and credential handling risk if triggered during normal skill use.

Context-Inappropriate Capability

Low
Confidence
83% confidence
Finding
The helper returns billing and installation guidance for another skill ('安装支付技能 smyx-payment') when a 402 condition occurs, which is unrelated to the declared function of this skill. While not directly exploitable on its own, it indicates hidden cross-skill behavior and unnecessary coupling that can mislead users and expand the operational scope beyond emotion recognition.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger logic is broad enough to auto-activate on common requests involving child emotion analysis, which can cause unintended execution against sensitive uploaded media. In this context, overbroad triggering increases the chance that surveillance footage of children is processed, stored, or sent to backend services without sufficiently explicit user intent.

Vague Triggers

Medium
Confidence
86% confidence
Finding
Automatic history-report queries based on broad keywords can expose prior analysis metadata or report links without strong confirmation that the user intended account-specific history retrieval. Because these reports concern children and surveillance-derived emotional assessments, accidental disclosure has heightened privacy sensitivity.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill says uploaded files are automatically saved locally, but does not present a clear user-facing warning, retention policy, or deletion behavior. With surveillance footage of children, undisclosed local storage materially increases privacy and data-handling risk even if used only for processing.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill is designed to process surveillance media of children and send media/report data through cloud or API services, yet the documentation lacks a prominent privacy and consent warning. This is particularly dangerous because it involves highly sensitive biometric/behavioral inference about minors, where cloud transmission can create serious confidentiality, compliance, and misuse risks.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation instructs users to send video files or public video URLs plus an API key, but provides no privacy, retention, encryption, consent, or credential-handling guidance. Because the skill targets homes, kindergartens, and daycare settings involving minors, missing safeguards around surveillance footage and authentication materially increases the risk of unauthorized disclosure and misuse.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
This code sends either local file contents or a user-supplied remote video URL to an analysis service, but there is no visible user-facing notice, consent checkpoint, or data-handling warning in the flow. Because the skill processes surveillance footage of children, silent transmission materially increases privacy, legal, and compliance risk, especially in homes, daycares, and schools.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The CLI requires an open_id that may be a user ID, username, or phone number and forwards it into remote analysis and history-list operations without any visible privacy notice, minimization, or masking. In a child-surveillance context this is more sensitive because the identifier can be linked to behavioral or emotional monitoring records, increasing privacy and compliance risk if logged, intercepted, or mishandled.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This code automatically attaches user identifiers and authentication material to outbound requests, including pnaUserName, X-Access-Token, X-Api-Key, Authorization, and other tenant/platform metadata, without any disclosure mechanism in this file. In a child-surveillance/emotion-recognition context, undisclosed transmission is especially sensitive because it may involve parents, operators, or institutions handling children's data workflows.

Missing User Warnings

High
Confidence
98% confidence
Finding
The nested _get_or_create_user function performs a silent login/registration call with 'silent': 1 and 'register': 1, sending openId/mobile/source to an external service without an explicit user action. Silent account creation is a clear undisclosed side effect and can create unauthorized accounts, unexpected data sharing, and compliance issues.

VirusTotal

62/62 vendors flagged this skill as clean.
