ClawHub

Child Social Interaction Frequency & Duration Analysis | 儿童社交互动频次与时长分析

Security checks across malware telemetry and agentic risk

Overview

This skill processes sensitive videos of children through a cloud service, but its artifacts show under-disclosed identity, token, report-history, and unrelated health/face-analysis behavior.

Review before installing. Confirm the backend operator, legal authority and guardian/institutional consent for processing children's videos, exactly what video/identifier/report data is uploaded and retained, how reports and tokens can be deleted, and whether the health/face-analysis paths, local token storage, auto account creation, and mutation/delete methods have been removed or tightly restricted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (27)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill exposes powerful capabilities (environment access, file read/write, network, shell) without declaring permissions or clearly constraining their use. In a skill handling sensitive videos of children and user identifiers, this lack of transparency and least-privilege control materially increases the risk of unauthorized data access, exfiltration, or command execution.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The documented purpose is child social-interaction analysis, but the behavior extends into remote login/account operations, local token persistence, and generic report CRUD actions unrelated to the stated function. This mismatch is dangerous because it can hide identity collection, session persistence, and broader remote data operations behind an apparently narrow video-analysis skill, especially sensitive given the child-focused context.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The skill broadens itself from one-time visual analysis into persistent cloud storage and historical retrieval of reports keyed to user identity. That expansion creates additional privacy and security risk by linking sensitive child behavioral data to identifiable users and retaining it beyond the immediate analysis task.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The instructions require reading API keys/open-id values from configuration files or collecting them from the user, even though the manifest presents the skill as a visual analysis tool. This encourages credential harvesting and reuse, expands access beyond what users may expect, and may expose secrets stored in workspace files.

Context-Inappropriate Capability

Low
Confidence
78% confidence
Finding
Automatically saving uploaded videos locally introduces unnecessary retention of highly sensitive footage involving minors. Keeping copies on disk increases the attack surface for leakage, misuse, or later unauthorized processing, especially when local storage is not essential to the stated task.

Intent-Code Divergence

Medium
Confidence
86% confidence
Finding
The skill says it does not provide psychological or autism diagnosis, yet it explicitly promotes autism early-screening and related report-query scenarios. This contradiction is risky because it can lead users to rely on non-clinical outputs for sensitive developmental judgments about children, creating harm through misclassification, stigma, or inappropriate intervention.

Description-Behavior Mismatch

Medium
Confidence
85% confidence
Finding
The skill is described as an analytics/reporting component, but this file exposes add, edit, and delete operations that enable state-changing behavior beyond passive analysis. In a child-monitoring context, undocumented mutation endpoints increase the risk of unauthorized record tampering, deletion of camera bindings, or manipulation of analysis configuration/data, undermining integrity and auditability.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The analysis request automatically injects a petType parameter even though the skill is supposed to analyze child social interactions. This mismatch strongly suggests code reuse or cross-wiring to an unrelated model/API, which can cause incorrect processing, routing to the wrong backend behavior, or leakage/misclassification of sensitive children's video analytics data.

Intent-Code Divergence

High
Confidence
95% confidence
Finding
The inline comment explicitly states that a pet-type parameter is being added, directly contradicting the skill's child-focused functionality. In security review, this is a strong indicator of a misbound capability or repurposed code path, which is especially dangerous here because the system handles surveillance-derived data about children and may produce unreliable or privacy-impacting outputs.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The documented endpoint and response schema are materially inconsistent with the declared skill purpose. Instead of child social-interaction analytics, the API appears to perform face detection and health/constitution-style diagnosis, suggesting either a misrepresented capability or repurposing of sensitive child video for biometric/health inference. In the context of kindergarten surveillance footage and autism-screening claims, this mismatch is especially dangerous because operators may unknowingly submit children’s videos to a system performing unrelated and highly sensitive analysis.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The response body explicitly contains diagnosis-style outputs such as constitution, organ condition, complexion analysis, and health warnings, which are unrelated to social-interaction detection. This indicates the referenced service may process facial data to generate medical or pseudo-medical inferences, creating severe privacy, compliance, and misuse risks—particularly because the subjects are children in educational settings. The skill context increases severity because it frames the system as an early screening aid, making undisclosed health-style inference especially sensitive.

Description-Behavior Mismatch

Medium
Confidence
87% confidence
Finding
The skill description is limited to video-based social-interaction analysis and reporting, but this API service also exposes add, edit, and delete record-management operations. That scope expansion increases attack surface and creates an authorization-risk path where a caller or downstream component could modify or remove records unrelated to the advertised analytics function, which is especially sensitive in a child-monitoring context.

Description-Behavior Mismatch

Medium
Confidence
84% confidence
Finding
The output parsing accepts and surfaces generic `commonAiResponse` and especially `healthAiResponse`, which exceeds the declared purpose of child social-interaction reporting. In this context, that creates a real data-scope violation: health-related inferences about children may be exposed through a skill that users would reasonably expect to be limited to interaction analytics, increasing privacy and regulatory risk for sensitive child data.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The historical report listing explicitly extracts `healthAiResponse` and `faceAnalysisResponse` health assessment fields and presents a judgment/subject in the report table, despite the skill being described as social-interaction analysis. Because the skill processes kindergarten and early-education footage, this is especially dangerous: it can expose sensitive health or developmental inferences about children to users who may not have expected or been authorized to access them.

Description-Behavior Mismatch

High
Confidence
93% confidence
Finding
The file defines persistent user-account storage, including usernames and related identity data, in a skill whose declared purpose is child social-interaction video analysis. This scope mismatch is dangerous because it quietly expands the data footprint and creates unnecessary retention of personal data in a sensitive child-focused environment, increasing privacy, compliance, and abuse risk.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The model stores token, open_token, and email in local SQLite without any visible encryption, hashing, minimization, or justification tied to the skill's stated behavior. In a child-observation context, collecting and retaining authentication artifacts and contact data broadens the attack surface and could enable account compromise or privacy violations if the database is accessed.

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
The HTTP helper embeds unrelated account provisioning and login behavior via /sys/phoneLogin with silent/register flags, using a username as both mobile and openId. In a skill for child social-interaction analysis, this is unnecessary privileged behavior that can create or access backend accounts implicitly, expanding attack surface and enabling unauthorized identity binding or data access if caller-controlled values reach this path.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The default activation condition is broad enough to trigger on ordinary video-analysis requests, increasing the chance that sensitive child videos are processed or transmitted without deliberate user intent. Over-broad triggering is especially problematic here because the skill handles minors' behavioral data and may invoke cloud-backed features automatically.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill does not provide a clear warning that sensitive videos of children and associated identifiers may be transmitted to a remote API/cloud service. This omission undermines informed consent and can result in covert exposure of minors' biometric/behavioral data and user-linked records to external systems.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The API documentation exposes capabilities to export full reports and retrieve heatmap URLs for highly sensitive child behavioral data, but it provides no privacy handling requirements, access-control guidance, retention limits, or warnings about safeguarding minors' data. In the context of kindergarten surveillance and social-behavior profiling, this omission materially increases the risk of unauthorized disclosure, misuse, and over-collection of sensitive information.

Missing User Warnings

High
Confidence
97% confidence
Finding
The document describes collecting classroom video, linking identities via class rosters, tracking individual children across frames, and producing outputs such as low-interaction candidates and alerts, yet it lacks any clear privacy, consent, or child-protection safeguards. Because the skill processes minors' video and infers sensitive social and developmental traits, the absence of documented protections makes the feature set especially dangerous and susceptible to harmful profiling, stigma, and privacy violations.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The CLI requires an `open-id` and accepts user identifiers such as OpenID, username, phone number, or similar sensitive identifiers, then stores that value in process-wide state without any privacy notice, minimization, masking, or handling safeguards. In the context of a tool analyzing children's social behavior in schools or playgrounds, collecting directly identifying information raises meaningful privacy and misuse risks, especially if logs, crash traces, shared terminals, shell history, or downstream services expose the identifier.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation instructs users to upload MP4 videos or provide publicly accessible video URLs but gives no warning about privacy, retention, lawful consent, or handling of minors' data. Because this skill targets fixed-camera footage in kindergartens and playgrounds, the absence of data-handling guidance materially increases the risk of unauthorized collection, over-sharing, and exposure of sensitive children’s biometric and behavioral data.

Missing User Warnings

Low
Confidence
83% confidence
Finding
The API documentation requires an X-API-Key but provides no guidance on secure storage, rotation, or prohibition against embedding credentials in client-side code or shared documentation. While this is less severe than the data-misuse issues, poor credential hygiene can enable unauthorized access to sensitive video-analysis endpoints and associated child data.

Missing User Warnings

Medium
Confidence
80% confidence
Finding
The skill reads local video files into memory and uploads them, or forwards remote video URLs to the backend analysis service, without any visible consent, disclosure, or minimization controls in this code path. In the context of fixed-camera monitoring of children in kindergartens, transmitting raw video or external URLs is highly sensitive and can create serious privacy, compliance, and data-governance risks if users are not clearly informed and protected.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal