Child Happy Moment Capture & Positive Reinforcement | 儿童开心时刻识别与正向激励

Security checks across malware telemetry and agentic risk

Overview

This skill handles children's camera footage and has under-disclosed cloud, identity, health-analysis, and persistence behavior that should be reviewed before installation.

Install only after the publisher documents the exact cloud service, retention/deletion rules, consent workflow for every child recorded, and whether any health or biometric inference is performed. Require scoped credentials instead of local api-key lookup, disable silent account creation/token storage, restrict remote video URLs to trusted signed sources, and verify that public or classroom use has enforceable guardian consent and redaction controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (15)

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding
The skill instructs the agent to retrieve an open-id/api credential from local configuration files before processing. Reading local config secrets unrelated to the immediate user request creates a credential-harvesting path and can expose workspace-wide tokens to a skill handling sensitive child video data and cloud APIs.

Intent-Code Divergence

Severity: Medium
Confidence: 76%
Finding
Although the skill says it will not perform psychological analysis, it still infers social context and trigger context such as parent/peer/teacher presence or praise/reward causes. In a children's monitoring system, these contextual inferences expand profiling beyond simple event detection and can lead to sensitive behavioral interpretation under a misleading safety claim.

Description-Behavior Mismatch

Severity: Medium
Confidence: 97%
Finding
The API client injects a petType parameter into analysis requests even though the skill manifest describes child happy-moment detection, not pet analysis. This capability mismatch is a security and privacy concern because it suggests hidden or undocumented processing behavior, which can lead to unauthorized data use, misleading disclosures, and policy evasion in a highly sensitive child-monitoring context.

Description-Behavior Mismatch

Severity: High
Confidence: 98%
Finding
The API documentation describes sending child video to a generic remote analysis endpoint that returns face detection and medical/physiological-style outputs such as constitution, organ condition, and health warnings, which are unrelated to the stated 'happy moment capture' purpose. In a child-focused camera skill, this indicates undocumented scope expansion and possible sensitive inference on minors, creating serious privacy and misuse risk.

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding
The documented response includes remote health/constitution assessment derived from video, which is unjustified for a skill intended only to detect laughter, clapping, jumping, and other happy reactions. Inferring health-like attributes from children's imagery is highly sensitive, especially for minors, and could enable profiling, deceptive medical claims, or unauthorized biometric/health processing.

Context-Inappropriate Capability

Severity: Medium
Confidence: 83%
Finding
The script accepts arbitrary remote video URLs via `--url` and forwards them to the analysis backend without any visible allowlisting, scheme restriction, or origin validation. In a video-processing system, this can expand the attack surface to server-side fetching of attacker-controlled URLs, enabling misuse such as internal resource access, unintended data ingestion, or analysis of out-of-scope content—especially sensitive in a child-monitoring context.

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%
Finding
The request helper can silently create or log in a user via `/sys/phoneLogin`, derive identity from `API_SECRET_KEY` or current username/open ID, and then persist returned tokens in local storage through the DAO. That is a powerful identity and account-management capability unrelated to a child happy-moment capture utility, and it expands the blast radius to unauthorized account provisioning, token harvesting, and cross-skill impersonation if misused.

Missing User Warnings

Severity: High
Confidence: 97%
Finding
The skill description normalizes continuous monitoring, automatic capture, app push, and cloud-linked handling of children's photos and videos without a prominent upfront warning. In homes, kindergartens, and playgrounds, this can enable covert or insufficiently consented surveillance of minors and transmission of highly sensitive biometric and behavioral data.

Missing User Warnings

Severity: High
Confidence: 94%
Finding
The skill targets shared/public environments involving children but does not present a clear, immediate consent warning at the point of activation. This is dangerous because operators may deploy it in classrooms or playgrounds without verified parental authorization, leading to unlawful monitoring and capture of minors' images and audio.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The API documentation describes starting analysis, retrieving results, exporting reports, and pushing children's photos/video clips to parents, but it does not pair these operations with a clear user-facing privacy notice, retention disclosure, or consent/authorization flow at the interface level. In a child-surveillance context, this omission is dangerous because sensitive biometric and behavioral data is being captured, stored, exported, and distributed, increasing the risk of unauthorized collection, over-retention, and privacy-law noncompliance.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The documentation instructs clients to upload video files or provide public video URLs but does not disclose that children's footage is transmitted to a remote server or explain retention, access, consent, or privacy consequences. Given the skill's surveillance of homes, kindergartens, and playgrounds, this omission materially increases the risk of covert collection and mishandling of highly sensitive child data.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The code reads arbitrary local file content into memory and sends it to an external analysis API, or forwards a remote video URL for server-side retrieval, without any user-facing notice, consent flow, or privacy guard in this file. In the context of a child-monitoring skill for homes, kindergartens, and playgrounds, this is especially sensitive because it can transmit children's images and videos—likely personal and potentially regulated biometric/child data—without clear disclosure or minimization.

Missing User Warnings

Severity: Medium
Confidence: 85%
Finding
When the config file does not exist, the loader silently creates directories and writes a new YAML file to disk with no notice and no permission hardening. In a child-monitoring context, silent persistence of operational settings can create privacy and integrity risks, especially if sensitive defaults or later-added secrets are stored in locations accessible to other local users or processes.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The save method writes arbitrary configuration data to disk and suppresses all exceptions, which can hide insecure storage of secrets, user identifiers, or behavior settings and prevent operators from detecting failures. In a system handling children's camera-derived events and parent app integrations, silent persistence without transparency or error reporting raises privacy and auditability concerns.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
The helper sends identity and authentication-related fields (`openId`, `mobile`, tokens, username-derived data) to remote services without any evidence in this file of consent, minimization, or purpose limitation. In the context of a child-focused camera skill, undisclosed transmission of user identity data is more concerning because the feature already operates in a sensitive surveillance setting involving families and children.

VirusTotal

VirusTotal findings are pending for this skill version.
