Child Poor Posture (Hunchback / Head Tilt) Real-Time Reminder | 儿童坐姿不良(驼背/歪头)实时提醒

Security checks across malware telemetry and agentic risk

Overview

This child posture skill does perform cloud video analysis, but it also has under-scoped identity, token storage, history-report, and broader health-analysis behavior that needs review before use.

Review before installing. Use only with explicit guardian consent, a trusted publisher, and clear answers about which cloud service receives videos, what identifiers are sent, how report links are protected, how long child data is retained, and how locally stored tokens can be deleted. Fix the unresolved dependency and avoid putting real API keys in fields used as user IDs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (25)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
if filters:
    for key, value in filters.items():
        query = query.filter(getattr(self.__model__, key) == value)

if offset:
    query = query.offset(offset)
Confidence
82% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
    if filters:
        for key, value in filters.items():
            query = query.filter(getattr(self.__model__, key) == value)

    return query.scalar()
finally:
Confidence
82% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill declares no permissions while its instructions clearly require environment access, local file reads/writes, shell execution, and network calls. This under-disclosure prevents meaningful user review and sandbox policy enforcement, creating a trust and authorization gap around sensitive operations involving children's video and identifiers.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The documented purpose is local real-time posture monitoring, but the skill behavior expands into remote backend analysis, token/login handling, and local persistence of user metadata, none of which are clearly disclosed. This mismatch is dangerous because users may consent to a benign local health feature while the skill actually transfers sensitive child video and manages identity-linked cloud data flows.

Description-Behavior Mismatch

Medium
Confidence
84% confidence
Finding
The skill scope expands from posture analysis into cloud-backed historical report retrieval and report-link presentation, increasing data exposure and retention beyond the stated immediate analysis use case. For a child-monitoring workflow, this broadening materially raises privacy risk because historical records can reveal patterns of behavior, schedules, and identity-linked health inferences.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The skill requires acquiring an open-id or API key from config files or user input to access cloud APIs, despite presenting itself as a posture-monitoring feature. This creates unjustified identity collection and credential handling in a context involving minors, increasing the risk of account linkage, unauthorized access, and misuse of sensitive posture/video reports.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The API documentation for a child-posture monitoring skill instead describes a generic video-analysis endpoint that returns face detection, constitution classification, organ-condition inferences, and health advice. This mismatch strongly suggests the skill may invoke a broader biometric/health-analysis service than disclosed, creating unauthorized collection and inference of sensitive data on children far beyond posture detection.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The documented response includes face-based health and constitution diagnosis unrelated to the stated desk-posture use case. In the context of monitoring children, this expands processing into highly sensitive biometric and quasi-medical profiling without clear necessity, consent, or safeguards, increasing privacy, compliance, and misuse risks.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The documentation exposes a common-analysis API that accepts arbitrary uploaded videos or public video URLs instead of a narrowly scoped posture-monitoring workflow. That broader ingestion model increases the chance of analyzing unrelated third-party content, bypassing expected device-bound capture controls, and using the skill as a general-purpose surveillance or media-analysis front end.

Description-Behavior Mismatch

Medium
Confidence
85% confidence
Finding
The skill exposes historical report enumeration and export-link generation that go beyond the manifest's described real-time posture monitoring workflow. In a child-monitoring context, this materially increases privacy risk because report metadata and report URLs can reveal or enable access to sensitive child health/posture history if authorization is weak elsewhere.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The code accepts arbitrary http/https video URLs and forwards them to the backend analysis service, which is broader than the device-camera-only behavior described in the manifest. This creates hidden data-ingestion capability and can enable server-side fetching of attacker-controlled URLs, with risks ranging from privacy surprises to SSRF-like backend exposure depending on how the downstream service retrieves the URL.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The CLI help says the API key is required, but the code never enforces its presence before invoking analysis. If downstream components allow unauthenticated fallback or rely on ambient credentials, users may unknowingly send sensitive child video data without the expected authentication boundary, leading to unauthorized service use or accidental data disclosure.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The page method forwards a caller-supplied url into RequestUtil.http_post without any visible validation or restriction, enabling arbitrary outbound HTTP requests if an attacker can influence that argument. In a child-monitoring skill that processes camera-derived posture data, unconstrained egress is more dangerous because it could be used to send telemetry or related data to unauthorized remote services outside the stated product purpose.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The file implements generic persistence for sys_user records, including account-style data, which is not clearly required by the declared posture-analysis functionality. This kind of scope expansion is dangerous because it quietly broadens the data surface, making a child posture-monitoring skill also a user-account datastore without clear justification, minimization, or access controls.

Context-Inappropriate Capability

High
Confidence
95% confidence
Finding
The model stores sensitive user profile fields and authentication-like secrets such as token and open_token, yet the posture-analysis description does not justify collecting or retaining them. For a system processing children's posture data and parent reports, storing unnecessary secrets materially increases breach impact, creates privacy/compliance exposure, and may enable account takeover if the database is accessed.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The utility silently provisions or logs in a user against a remote health-service endpoint, retrieves tokens, and persists them locally via the DAO layer. That behavior is unrelated to a child posture-analysis skill and expands the data-handling scope to account creation and credential storage, creating unnecessary privacy, consent, and credential-abuse risk.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The request wrapper injects tenant code, skill hub name, platform name, and username metadata into outbound requests by default. This causes broad, implicit propagation of identity and platform context beyond the posture-detection purpose, increasing tracking and unintended data disclosure risks across every API call.

Missing User Warnings

High
Confidence
97% confidence
Finding
The documentation does not clearly warn users that children's videos and related identifiers may be transmitted to a cloud service for analysis and report retrieval. Because the data concerns minors and may imply health-related posture conditions, the lack of prominent disclosure undermines informed consent and can lead to serious privacy, compliance, and trust harms.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The API documentation exposes privacy-sensitive capabilities for a child-monitoring system, including full report export and snapshot URLs, but provides no requirements for consent, access control scope, retention, or secure handling of children's images and posture data. In this context, the omission is dangerous because the skill processes minors' biometric/health-adjacent visual data, so weak or undefined protections can lead to unauthorized disclosure, mass data access, or insecure sharing of sensitive reports and images.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The API supports uploading video files and analyzing public video URLs but provides no privacy warning, consent guidance, retention statement, or notice about processing sensitive biometric data. Because the skill targets children and uses camera footage, the absence of explicit safeguards materially raises legal, ethical, and security risk around covert collection and secondary use of personal data.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The skill reads local video files and sends their contents to a remote analysis service without any visible in-code user notice, consent gating, or data-minimization step. Because the skill handles children’s video and inferred health/posture data, undisclosed transmission is especially sensitive and can expose biometric or behavioral information beyond user expectations.

Missing User Warnings

Low
Confidence
76% confidence
Finding
User-supplied remote video URLs are forwarded to the analysis service without any visible warning that the backend may fetch and process third-party content. In this child-focused context, undisclosed external fetching can cause privacy surprises and may expose internal service behavior if the downstream system dereferences arbitrary URLs.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The tool requires an open_id that may be a phone number, username, or other personal identifier, yet this child-focused posture-monitoring skill provides no privacy notice, minimization, or masking. In this context, the data concerns children and could link posture reports or video-analysis history to directly identifiable individuals, increasing privacy and compliance risk.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
This code transmits usernames, open IDs, tokens, and related identity metadata over HTTP requests without any evident user-facing notice or consent mechanism in the skill context. Because the skill is marketed as posture monitoring for children and parent reporting, undisclosed identity transmission materially raises privacy and compliance concerns, especially for child-associated data flows.

Ssd 3

High
Confidence
98% confidence
Finding
The skill instructs the agent to read a local config file's api-key and reuse it as a user's open-id, conflating a secret credential with a user identifier. This is dangerous because it can leak or misuse privileged secrets, cause unauthorized API access under the wrong identity, and break isolation between system credentials and user-scoped data access.

VirusTotal

VirusTotal findings are pending for this skill version.
