Contactless Health Risk Detection and Analysis Tool (非接触式健康风险检测分析工具)

Security checks across malware telemetry and agentic risk

Overview

This health-analysis skill needs Review because it handles biometric health media, identifiers, reports, and stored tokens with broader and less clearly disclosed behavior than its stated purpose.

Install only if you trust the publisher's remote service with face images or videos, health-related inferences, identifiers, and report history. Use a dedicated non-secret open-id rather than an API key or phone number, confirm what endpoint receives the data, and avoid this version if you need clear consent, retention/deletion controls, or narrowly scoped local token handling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (22)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
if filters:
    for key, value in filters.items():
        query = query.filter(getattr(self.__model__, key) == value)

if offset:
    query = query.offset(offset)
Confidence
79% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
    if filters:
        for key, value in filters.items():
            query = query.filter(getattr(self.__model__, key) == value)

    return query.scalar()
finally:
Confidence
78% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)
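Added example, not code from the scanned skill, showing why the two `getattr()` findings above are more than a style issue: when the filter keys come from the caller, `getattr(model, key)` lets the caller pick any attribute of the model, including private fields and non-column attributes. The `Report` class, its `_token` attribute and the sample rows are constructed here for the demonstration; the hardened version resolves keys against an explicit column allowlist before touching the model.

```python
from dataclasses import dataclass, field

# Assumption: these are the report model's public, filterable columns.
ALLOWED_FILTER_COLUMNS = {"user_id", "status", "created_at"}


class FilterKeyError(ValueError):
    """Raised when a caller-supplied filter key is not an allowlisted column."""


@dataclass
class Report:
    """Constructed stand-in for the ORM model (the real code uses a mapped class)."""
    id: int
    user_id: str
    status: str
    created_at: str
    _token: str = field(default="", repr=False)  # private attribute getattr() will happily read


def unsafe_filter(rows, filters):
    """Mirrors the flagged pattern: any attribute name works, private ones included."""
    out = rows
    for key, value in filters.items():
        out = [r for r in out if getattr(r, key) == value]
    return out


def safe_filter(rows, filters):
    """Same result for allowlisted keys; rejects everything else before getattr() runs."""
    unknown = set(filters) - ALLOWED_FILTER_COLUMNS
    if unknown:
        raise FilterKeyError(f"filter keys not permitted: {sorted(unknown)}")
    out = rows
    for key, value in filters.items():
        out = [r for r in out if getattr(r, key) == value]
    return out


# Constructed sample data: two users' reports with distinct stored tokens.
SAMPLE_ROWS = [
    Report(1, "u1", "done", "2024-01-01", _token="tok-a"),
    Report(2, "u2", "done", "2024-01-02", _token="tok-b"),
]
```

With the unsafe version a caller can probe `{"_token": "tok-b"}` and learn which row holds a given secret; the safe version refuses the key outright. With SQLAlchemy the allowlist can be derived from the mapped class, e.g. `set(Model.__table__.columns.keys())`, so relationships, hybrid properties and mapper internals are never reachable through a filter key.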

Context-Inappropriate Capability

Medium
Confidence
99% confidence
Finding
The skill instructs the agent to read local configuration files and reuse an `api-key` as the user's `open-id`, conflating credentials with user identity and granting access to sensitive local config data unrelated to the immediate user request. In context, this is especially dangerous because the skill handles medical-risk reports; using stored secrets as identity could expose or mis-associate highly sensitive health data across users.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The analysis request automatically injects a petType parameter into a skill described as human contactless health-risk screening, creating a strong semantic mismatch between declared purpose and actual request content. In a medical context, this can misroute data, invoke the wrong model or backend workflow, and produce unsafe screening results or inappropriate handling of sensitive biometric data.

Description-Behavior Mismatch

High
Confidence
94% confidence
Finding
The documented API behavior materially conflicts with the skill's stated purpose: it accepts MP4 videos or public video URLs and returns traditional-diagnosis-style outputs about organs and constitution, rather than frontal-image multimodal screening for acute/chronic cardiovascular risk. In a health-related skill, this mismatch is dangerous because developers or users may rely on inaccurate capabilities, route highly sensitive biometric data to an unexpected pipeline, or receive medically misleading outputs presented as risk screening.

Description-Behavior Mismatch

Low
Confidence
79% confidence
Finding
This code exposes listing of historical reports and constructs export URLs for prior analyses, which goes beyond one-shot screening and touches stored sensitive medical data. In a health context, report enumeration and retrieval features are security-relevant because, without strong authorization checks in this layer, they can enable unintended disclosure of private health records or metadata.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
This service exposes generic CRUD wrappers and arbitrary HTTP verb helpers that can call caller-supplied URLs, creating a broad network capability not constrained to the stated health-risk screening function. In an agent/skill context, such reusable network primitives can be repurposed to access unrelated internal or external services, increasing the risk of SSRF, unauthorized data transfer, or policy bypass if higher layers pass untrusted endpoints.
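Added example, not the skill's own code, of the check a practitioner would put in front of the generic HTTP helpers described above (and in front of the "public video URL" inputs mentioned in the Description-Behavior Mismatch findings): pin outbound requests to the configured endpoint and refuse anything that resolves to a non-public address. The endpoint `api.example.com` and the public address returned by the test resolver are assumptions; the resolver is injected so the check runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Assumption: the one endpoint the skill is configured to talk to.
ALLOWED_HOSTS = {"api.example.com"}


class UnsafeUrl(ValueError):
    """The URL is not one this skill is permitted to contact."""


def resolve_host(host):
    """Default resolver; injectable so the check can be exercised without DNS."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def validate_outbound_url(url, allowed_hosts=ALLOWED_HOSTS, resolve=resolve_host):
    """Return the URL if it is safe to fetch; raise UnsafeUrl with the reason otherwise."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise UnsafeUrl("scheme must be https")
    if parts.username or parts.password:
        raise UnsafeUrl("userinfo in URL")  # catches https://allowed.host@evil.example/ tricks
    host = parts.hostname  # lowercased, IPv6 brackets stripped
    if not host or host not in allowed_hosts:
        raise UnsafeUrl(f"host {host!r} is not allowlisted")
    if parts.port not in (None, 443):
        raise UnsafeUrl(f"unexpected port {parts.port}")
    # Even an allowlisted name must not point at loopback, link-local or RFC 1918 space.
    for ip in resolve(host):
        if not ipaddress.ip_address(ip).is_global:
            raise UnsafeUrl(f"{host} resolves to non-public address {ip}")
    return parts.geturl()


def check_many(urls, resolve=resolve_host):
    """Classify a batch of candidate URLs; handy for tests and for logging rejections."""
    results = {}
    for u in urls:
        try:
            validate_outbound_url(u, resolve=resolve)
            results[u] = "ok"
        except (UnsafeUrl, ValueError) as e:  # urlsplit().port raises ValueError on junk ports
            results[u] = f"rejected: {e}"
    return results
```

The resolution step closes the obvious metadata-service and intranet cases, but DNS can change between the check and the connect; a client that wants to be strict connects to the address it validated rather than re-resolving the name.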

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The file defines a generic user DAO and persists usernames, emails, birthdays, age, sex, and authentication tokens, which exceeds what is justified by the stated contactless health-risk detection purpose. This kind of unnecessary account and token storage increases the attack surface and creates privacy/compliance risk, especially because the skill operates in a medical-risk context where users would expect stronger data minimization.

Description-Behavior Mismatch

High
Confidence
94% confidence
Finding
This utility for a health-risk screening skill performs unrelated identity and account workflows, including implicit phone/openId login/registration and billing failure handling. That scope expansion is dangerous because it silently couples sensitive health-related usage to account provisioning and monetization logic, increasing privacy risk and enabling unexpected remote side effects beyond the declared purpose of the skill.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The code injects a recharge/payment workflow into request handling, returning user guidance to install a payment skill and top up an account when status 402 is encountered. For a medical screening skill, embedding billing prompts in low-level network utilities is risky because it creates undeclared monetization behavior and can manipulate users during failure conditions.

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
The request path can automatically create or log in a user via phone/openId based on current username state, then retrieve and persist tokens. In the context of a health-risk analysis skill, that is especially dangerous because it links potentially sensitive medical interactions to identity/account creation without clear necessity, transparency, or consent.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The history-query auto-trigger phrases are broad enough to match ordinary conversation, causing the agent to launch report-listing behavior without strong confirmation of user intent. In this skill's medical context, that can surface sensitive historical health reports when the user may have meant something more general, increasing privacy and data minimization risk.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill states that uploaded photos and videos will be automatically saved as local files, but it does not present a user-facing warning, consent flow, retention policy, or deletion behavior. Because these files are biometric/health-related media, silent local persistence materially increases the risk of unauthorized access, secondary use, and regulatory noncompliance.

Missing User Warnings

High
Confidence
98% confidence
Finding
The workflow requires transmitting facial images/videos and a user identifier to a cloud API for analysis, yet the skill does not provide an explicit privacy warning, consent mechanism, or data-transmission disclosure before collection and transfer. Given that the content involves biometric and health-inference data, the lack of informed notice significantly elevates confidentiality and compliance risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README instructs users to configure an external API endpoint and submit local videos or remote video URLs for facial health analysis, but it does not warn that sensitive biometric and health-related data may be transmitted to third-party services. In a health-analysis context, this omission is dangerous because users may unknowingly expose highly sensitive personal data, creating privacy, compliance, and data-handling risks.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The API documentation instructs clients to upload videos or provide publicly accessible video URLs containing facial/biometric data, yet it gives no warning about sensitive data handling, external transmission, retention, consent, or third-party exposure. In this context, the omission is especially risky because the skill processes health-adjacent biometric information, so users may unknowingly disclose highly sensitive data in ways that create privacy, regulatory, and security exposure.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The tool processes facial media and sends the local file path or remote URL into an API-backed analysis flow without any explicit user warning, consent prompt, or disclosure about biometric-data transfer. In a health-risk screening context, this is especially sensitive because face imagery and inferred medical indicators can constitute highly sensitive personal and health data, creating privacy, compliance, and inadvertent data-sharing risks.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The function reads arbitrary local file contents and uploads them to an external analysis service with no visible user-facing disclosure, consent prompt, or data minimization in this path. In a health-analysis skill, this is especially sensitive because the files may contain biometric and medical information, making silent exfiltration to a remote service a meaningful privacy and compliance risk.
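Added example, not the skill's own code, of how the upload path described above can be confined: the file must resolve inside a designated upload root (symlinks and `..` are resolved first), must be a regular file under a size cap, and must actually look like an image or MP4 by its leading bytes rather than by extension. The upload root, the size cap and the sample files are constructed here for the demonstration.

```python
import tempfile
from pathlib import Path

MAX_UPLOAD_BYTES = 50 * 1024 * 1024  # assumption: cap on media the skill will send


class UploadRejected(ValueError):
    """Raised when a path or its content is not acceptable for upload."""


def sniff_media_type(head: bytes):
    """Identify the media type from leading bytes, never from the file name."""
    if head.startswith(b"\xff\xd8\xff"):
        return "image/jpeg"
    if head.startswith(b"\x89PNG\r\n\x1a\n"):
        return "image/png"
    if len(head) >= 12 and head[4:8] == b"ftyp":  # ISO BMFF box header used by MP4/MOV
        return "video/mp4"
    return None


def resolve_media_for_upload(user_path: str, root: Path):
    """Return (resolved_path, media_type) or raise UploadRejected with the reason."""
    root = root.resolve()
    candidate = Path(user_path)
    if not candidate.is_absolute():
        candidate = root / candidate
    candidate = candidate.resolve()  # follows symlinks and collapses '..' before the check
    try:
        candidate.relative_to(root)
    except ValueError:
        raise UploadRejected("outside upload root") from None
    if not candidate.is_file():
        raise UploadRejected("not a regular file")
    if candidate.stat().st_size > MAX_UPLOAD_BYTES:
        raise UploadRejected("too large")
    with candidate.open("rb") as f:
        head = f.read(16)
    media_type = sniff_media_type(head)
    if media_type is None:
        raise UploadRejected("not a supported media type")
    return candidate, media_type


def build_sample_tree() -> Path:
    """Constructed fixture: an upload root with one JPEG, one text file, and a JPEG outside the root."""
    base = Path(tempfile.mkdtemp(prefix="health-demo-"))
    root = base / "uploads"
    root.mkdir()
    (root / "face.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 12)
    (root / "notes.txt").write_bytes(b"not an image\n")
    (base / "outside.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 12)
    return root


def demo():
    """Run the three sample paths through the check and report the outcome of each."""
    root = build_sample_tree()
    results = {}
    for p in ("face.jpg", "notes.txt", "../outside.jpg"):
        try:
            _, media_type = resolve_media_for_upload(p, root)
            results[p] = media_type
        except UploadRejected as e:
            results[p] = f"rejected: {e}"
    return results
```

The `../outside.jpg` case is a valid JPEG that still gets refused, which is the point: the check is on where the file lives and what it contains, not on whether the upload would succeed.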

Missing User Warnings

Medium
Confidence
72% confidence
Finding
The DAO initialization automatically creates and alters the database schema on instantiation, causing writes and schema modification without any visible disclosure, approval flow, or migration control. In a health-related skill that stores personal data, silent schema mutation increases operational risk, can surprise users or operators, and may undermine change management and auditability.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The HTTP utility sends identifiers and authentication material such as App-Id, X-Access-Token, X-Api-Key, Authorization, tenant code, and username-derived fields to remote endpoints. In a health-related skill, undisclosed transmission of identity and token data is particularly sensitive because it can expose medical-use metadata and credentials to backend services or logs without user awareness.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The code retrieves token/openToken values, stores them in global state, and persists them via a DAO for later reuse. Persisting credential-like secrets in a utility path without clear storage protections or disclosure is dangerous because compromise of local storage or logs could enable account takeover or unauthorized API access.

Ssd 3

High
Confidence
99% confidence
Finding
The skill normalizes reading an `api-key` from local configuration files during ordinary workflow execution and reusing it as an `open-id`, which exposes stored secret material to the agent's data-flow and blurs security boundaries between credentials and user data. In a health-reporting skill, this could enable cross-user data access, leakage of secrets, or accidental disclosure of sensitive reports under the wrong identity.
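Added example, not code from the scanned skill, of the configuration check that addresses this finding and the earlier Context-Inappropriate Capability finding on the same pattern, and that implements the overview's advice to use a dedicated non-secret open-id: the identifier must be configured on its own, must not equal any credential field, and must not be a phone number. The config key names and the phone-number pattern are assumptions.

```python
import re
import secrets

# Assumption: config fields that hold credentials or contact data, per the scan's wording.
SECRET_FIELDS = ("api-key", "api_key", "token", "openToken", "phone")
PHONE_RE = re.compile(r"^\+?\d{7,15}$")


class IdentityConfigError(ValueError):
    """The configured open-id is missing, or is really a secret or a contact identifier."""


def resolve_open_id(config: dict) -> str:
    """Return the open-id to send as user identity; never derive it from a credential."""
    open_id = config.get("open-id")
    if not open_id:
        raise IdentityConfigError("open-id not configured; refusing to fall back to api-key")
    for name in SECRET_FIELDS:
        value = config.get(name)
        if value and value == open_id:
            raise IdentityConfigError(f"open-id must not reuse the value of {name!r}")
    if PHONE_RE.match(open_id):
        raise IdentityConfigError("open-id looks like a phone number")
    return open_id


def new_open_id() -> str:
    """A random, stable identifier that grants nothing by itself; store it as 'open-id'."""
    return "oid_" + secrets.token_urlsafe(12)
```

Generating the identifier once with `new_open_id()` and saving it under its own key keeps the secret out of the identity path entirely, so a leaked report or log shows an opaque id rather than the key that authorises API calls.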

VirusTotal

65/65 vendors flagged this skill as clean.
