Child Window/Balcony Climbing Detection | 儿童攀爬窗户/阳台识别

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This child-safety video skill needs Review because it handles sensitive child/home footage and has under-disclosed account, credential, and token-storage behavior.

Install only after confirming the publisher, backend service, and data-retention policy. Treat uploaded videos, snapshots, open-id values, phone numbers, and generated reports as sensitive child/home surveillance data. Do not provide real child footage or personal identifiers unless you consent to remote processing and local plaintext token storage, and review the dependency issue before running installs.

SkillSpector (24)

By NVIDIA

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
            if filters:
                for key, value in filters.items():
                    query = query.filter(getattr(self.__model__, key) == value)

            if offset:
                query = query.offset(offset)
Confidence
83% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
            if filters:
                for key, value in filters.items():
                    query = query.filter(getattr(self.__model__, key) == value)

            return query.scalar()
        finally:
Confidence
82% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill declares no permissions while its documented behavior requires environment access, local file read/write, network calls, and shell execution. This is dangerous because it hides the true attack surface from reviewers and users, making sensitive operations like config scraping, local persistence, and remote API interaction occur without explicit disclosure or consent.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The skill is presented as a child-safety video detector, but the documented/observed behavior includes account lookup or auto-registration, backend record management, token storage in SQLite, and report listing/export functions unrelated to the stated purpose. This mismatch is dangerous because users may provide sensitive child video data under false assumptions while the skill performs broader account and data-management operations that expand privacy and security risk.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The instructions require obtaining an open-id by reading api-key values from local configuration files, effectively repurposing locally stored credentials for user identification. This is dangerous because it encourages secret harvesting from the filesystem and can expose or misuse credentials that were not intended to be read or transmitted by this skill.

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
The skill includes cloud history-report querying beyond the core real-time detection use case, increasing the amount of sensitive child-monitoring data accessible through the skill. In this context, historical reports and snapshots may reveal patterns about minors, home layouts, and household routines, so broad retrieval functionality materially increases privacy exposure.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The documented response schema is for face/health diagnosis rather than child window-climbing detection, which is materially inconsistent with the advertised safety function. In a child-fall-prevention context, this can cause integrators to build against the wrong fields, fail to trigger urgent alerts, or route sensitive family video into an unrelated biometric/health-analysis pipeline.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
Documenting only a generic common-analysis endpoint instead of a dedicated child-safety monitoring interface creates ambiguity about what processing actually occurs and what guarantees exist for alerting behavior. For a real-time safety system, unclear API semantics can lead to misuse, misconfiguration, or accidental invocation of a broader backend that processes videos beyond the intended child-risk use case.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The skill processes and exposes `healthAiResponse` and related generic AI response fields even though the stated purpose is child window-climbing/fall-risk detection. In this context, handling unrelated health-analysis data can enable collection or disclosure of sensitive personal inferences beyond the user's expected safety use case, creating a data minimization and privacy overreach issue.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The report-listing logic displays `healthAssessment.subject` from health or face analysis instead of child-fall-risk events, showing functionality materially unrelated to the advertised safety skill. In a child-monitoring setting, surfacing health/face assessment data increases the chance of exposing sensitive attributes about children or household members without clear necessity or user expectation.

Context-Inappropriate Capability

High
Confidence
94% confidence
Finding
Using face or health analysis in a child window-climbing safety skill is unjustified by the stated purpose and is especially sensitive because it may process biometric or health-related data about minors. The skill context makes this more dangerous, since monitoring children in homes or kindergartens raises elevated privacy, consent, and regulatory concerns.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The file defines a generic user DAO and user model that persist account metadata and authentication-related token fields even though the declared skill purpose is child window-climbing detection. This data collection and retention is broader than necessary for the safety-monitoring function, increasing privacy and credential-exposure risk if the local database is accessed.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The User model stores token and open_token values in plaintext columns alongside profile data. If the SQLite file is copied, read by another local process, or backed up insecurely, those credentials could be reused to impersonate users or access external services, making this more dangerous than ordinary profile storage.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The file exposes a generic `ai_chat(prompt, session_id, timeout)` capability that is not constrained to the manifest’s stated child-window-climbing safety purpose. In a safety-focused camera skill, this kind of broad agent interface increases the attack surface for unintended prompting, hidden functionality, or future misuse if later wired to an external model or command runner.

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
The request helper silently performs account creation/login via /sys/phoneLogin using a username/openId, then persists returned tokens locally through the DAO. That behavior is unrelated to child-window-climbing detection and can cause unauthorized account provisioning, identity misuse, and hidden credential storage/transmission without explicit user consent.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The utility injects tenant, skill hub, platform, username, API key, and authorization metadata into outbound requests by default, and also includes account-balance/payment handling logic in a generic transport layer. For a safety-monitoring skill, this broad cross-cutting enrichment exceeds the stated purpose and increases unnecessary data exposure to external services.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The default trigger activates on any uploaded window or balcony video, which is overly broad for a skill handling highly sensitive footage of home interiors and children. This can cause unintended analysis and transmission of private videos without sufficiently specific user intent, increasing privacy and consent risk.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill promotes continuous monitoring, snapshot capture, and mobile alerting for children in private spaces without an upfront, prominent warning about the sensitivity of minor video data. In a home and childcare setting, this omission is dangerous because users may not understand that intimate household footage and child images could be stored, transmitted, or queried later.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script requires an `--open-id` value and explicitly allows highly sensitive identifiers such as OpenID, user ID, username, or phone number, then stores that value in process-wide state without any visible privacy notice, minimization, masking, or handling guidance. In this skill’s context, the identifier is tied to continuous monitoring of children and potentially snapshot alerts, which increases privacy sensitivity and the risk of exposing both identity and behavioral surveillance data.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The API accepts uploaded videos and public video URLs from living rooms or child activity areas without any privacy, consent, retention, or transmission warning. Because the skill is explicitly designed for continuous monitoring of children in homes and schools, silent collection and remote transmission of this footage creates substantial privacy and safety risk if users or deployers are not informed and protected.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The code uploads local video contents or forwards remote video URLs to an analysis API, but this file provides no user-facing notice, consent gate, or indication of where footage is sent. Because the skill handles always-on home/child-area video, silent transmission materially increases privacy risk and could expose highly sensitive footage if the backend is misconfigured or compromised.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The CLI requires an `--open-id` value and explicitly allows highly sensitive identifiers such as OpenID, user ID, username, or phone number, but provides no warning about privacy handling, storage, logging, or transmission. In this child-monitoring context, linking surveillance events and snapshots to personal identifiers increases privacy risk and can expose families or children if shell history, process listings, logs, or downstream services are compromised.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script submits local video paths or URLs to `skill.get_output_analysis(...)`, and its exception handling references API/network requests, indicating backend processing may occur without clearly informing users that video content could be transmitted off-device. Because this skill analyzes footage of children inside homes or childcare spaces and may generate snapshots, silent remote transfer materially increases privacy and compliance risk.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
When debug mode is enabled, HTTPConnection and urllib3 debugging can log request and response details, which may include tokens, usernames, phone numbers, and API payloads. In a home/child safety context, such data may contain sensitive account and monitoring information, creating privacy and credential leakage risk.

Static analysis

Install untrusted source

Warn
Finding
Install source points to URL shortener or raw IP.

Dep not found on registry

Critical
Finding
1 package(s) referenced in dependency files do not exist on their public registries: yaml (pypi)

VirusTotal

VirusTotal findings are pending for this skill version.