Child Outdoor Activity Duration Monitoring | 儿童户外活动时长监测

Security checks across malware telemetry and agentic risk

Overview

This skill has a legitimate child activity monitoring purpose, but it sends sensitive home/child video and identifiers to cloud services with under-scoped account, token, and history-report handling.

Review carefully before installing. Use this only if you trust the publisher and cloud backend with child/home camera footage, phone numbers or open-id values, historical activity reports, and stored access tokens. Require explicit guardian consent, avoid phone numbers as identifiers, restrict accepted video sources, and fix the yaml dependency and token storage before production use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (17)

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The skill instructs retrieval of an open-id from local configuration files and allows user-supplied identifiers, effectively introducing credential/account discovery into a camera-analysis feature. In the context of monitoring minors in the home, this expands access to sensitive account data without clear necessity and increases the chance of unauthorized linkage, misuse, or leakage of personal identifiers.

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The skill includes cloud history-report querying and presentation of report links beyond a narrowly defined monitoring workflow. That broadens the accessible data surface from single-run analysis to historical surveillance records, which is more sensitive in a child/home context and can expose prior reports or metadata if access controls are weak.

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The documented API behavior is materially inconsistent with the skill’s stated purpose. Instead of describing child outdoor-activity event tracking, it specifies a generic video-analysis endpoint returning face detection and health/constitution diagnosis data, which suggests undocumented collection or transmission of sensitive biometric and health-related information beyond what is necessary for the claimed functionality.

Context-Inappropriate Capability

High
Confidence: 99%
Finding
Face detection and especially health/constitution diagnosis are unjustified for a child outdoor-activity monitoring skill, creating a significant overcollection risk. In this context, the capability expands processing into sensitive biometric and inferred health domains involving children, which materially increases privacy, compliance, and misuse risk if the backend performs more analysis than users expect.

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The script accepts arbitrary remote video URLs even though the stated use case is fixed-camera child activity monitoring. This expands the data-ingestion surface and can enable processing of unrelated third-party videos or internal network resources if the downstream analysis service fetches the URL, creating privacy risk and possible SSRF-style behavior depending on backend implementation.

Description-Behavior Mismatch

Medium
Confidence: 83%
Finding
The file implements a generic user-account persistence layer, including identity fields and account lookup/update methods, even though the declared skill is for child outdoor-activity monitoring. That mismatch expands the data footprint and attack surface beyond the stated purpose, increasing privacy and misuse risk if the component is embedded in a child-monitoring product.

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
The model stores token and open_token values in a local SQLite database without any visible encryption, hashing, scope restriction, or lifecycle controls. If the database file is accessed by another local process, backup system, or a compromised app environment, these credentials could be reused to impersonate users or access linked services.

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
This utility performs automatic remote account bootstrap and authenticated API interactions that are far broader than the skill's stated purpose of local child outdoor-activity monitoring. The helper `_get_or_create_user` silently sends identifiers to a remote health endpoint and the generic request wrapper attaches tokens and user identifiers to arbitrary requests, creating undisclosed data exfiltration and unauthorized account-provisioning risk.

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
A generic authenticated HTTP client in a child-monitoring skill materially expands the attack surface because any caller can invoke remote APIs with inherited tokens, app IDs, and user context. In this context, the capability is over-privileged and inconsistent with the declared monitoring/reporting behavior, making unintended data transfer or backend side effects much more dangerous.

Vague Triggers

Medium
Confidence: 84%
Finding
The default trigger is broad enough to activate on essentially any uploaded camera video needing analysis, rather than narrowly scoped child outdoor-monitoring requests. Overbroad triggering can cause accidental processing of unrelated private footage and unintended transmission to backend services, which is particularly sensitive for home and child videos.

Missing User Warnings

High
Confidence: 95%
Finding
The skill does not clearly warn users upfront that sensitive home-camera footage and identifiers may be transmitted to a cloud API. In this context, the data involves minors, home entry points, and activity history, so failing to disclose remote transmission materially increases privacy and safety risk and prevents meaningful consent.

Missing User Warnings

Medium
Confidence: 75%
Finding
The script requires an `open_id` that may be a username or phone number and stores it in a process-wide variable without any privacy notice, minimization, or masking. In the context of child-monitoring data, associating identifiable user information with behavioral surveillance outputs increases privacy risk and could expose sensitive household or child activity records if logs, crashes, or downstream systems leak that identifier.

Missing User Warnings

Medium
Confidence: 93%
Finding
The API accepts uploaded videos and public video URLs but provides no privacy, retention, consent, or sensitive-data handling guidance. Because the skill concerns children and the referenced analysis includes face and health-related processing, the absence of safeguards or disclosure makes accidental exposure, unauthorized sharing, and noncompliant processing substantially more dangerous.

Missing User Warnings

Medium
Confidence: 87%
Finding
The skill reads arbitrary local files from a supplied path or forwards arbitrary remote video URLs to the analysis API, but this code provides no consent notice, destination transparency, or restriction tied to the child-monitoring purpose. In a home/child surveillance context, silently transmitting video is privacy-sensitive and can lead to unintended disclosure of footage from inside the home or retrieval of attacker-chosen remote content by backend services.

Missing User Warnings

Medium
Confidence: 84%
Finding
The script explicitly accepts highly sensitive identifiers such as OpenID, username, or phone number and propagates them into backend operations without any minimization, masking, or clear privacy handling. In a child-monitoring context this is more sensitive because it links child activity records to directly identifying household data, increasing privacy harm if logs, console history, or backend storage are exposed.

Missing User Warnings

Medium
Confidence: 93%
Finding
The request path automatically injects `pnaUserName`, tokens, app identifiers, tenant codes, and platform metadata into outbound requests without any visible confirmation or disclosure. Because this is a child-health-related skill, silent transmission of account-linked data is especially sensitive and can expose user identity, usage, and backend authorization context to remote systems.

Missing User Warnings

High
Confidence: 97%
Finding
The `_get_or_create_user` function silently attempts phone login/registration with `register: 1`, `silent: 1`, `openId`, and `mobile` derived from the username. Automatic registration/login without explicit user awareness is a strong privacy and consent failure, and in a family/child monitoring setting it can create remote accounts tied to personal identifiers unexpectedly.

VirusTotal

66/66 vendors flagged this skill as clean.
