Contactless Vital Sign Monitoring and Analysis Tool

Security checks across malware telemetry and agentic risk

Overview

This health-video analysis skill is mostly coherent, but it handles biometric videos, personal identifiers, cloud history, account creation, and token storage with under-scoped disclosure and controls.

Install only if you are comfortable sending face video and health-related measurements to the configured lifeemergence.com services. Use a non-sensitive identifier instead of a phone number where possible, review local workspace data storage for saved tokens, and avoid using history lookup unless you understand which reports are tied to the identifier.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (18)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill instructs the agent to retrieve an open-id from local configuration files, including workspace-wide locations, before asking the user. That is a cross-context secret/identifier harvesting pattern: it accesses local data unrelated to the current uploaded video and may exfiltrate or misuse credentials or user identifiers without informed consent.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The documented API behavior materially differs from the skill's stated purpose. Instead of returning camera-derived vital signs such as heart rate, respiration, SpO2, or HRV, it describes face analysis and health/constitution judgments, which creates a deceptive capability mismatch and could cause users to send sensitive biometric video to an unrelated external diagnostic service.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The response schema includes physiognomy-style and medical/constitutional inferences such as organ condition, complexion correspondence, and constitution type that are not necessary for contactless vital-sign estimation. This expands processing from signal extraction to sensitive health profiling, increasing privacy, compliance, and user-harm risk if relied upon for medical interpretation or collected without informed consent.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The file exposes a history-listing function that retrieves prior analysis records by a supplied user identifier, but the declared skill purpose is only camera-based vital-sign analysis. This creates an unnecessary data-access surface and can enable unauthorized enumeration or disclosure of prior sensitive health-related outputs if access control is weak or absent downstream.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The CLI accepts broad identifiers such as OpenID, user ID, username, and phone number for history lookup, which expands the chance of querying another person's records using commonly known or guessable data. In a health-monitoring context, this is especially sensitive because retrieved history may reveal biometric or medical-adjacent information tied to an individual.

Description-Behavior Mismatch

High
Confidence
93% confidence
Finding
The file defines a generic user-account persistence layer, including usernames, email, tokens, and record mutation, which is materially unrelated to a camera-only vital-sign analysis capability. This mismatch increases the likelihood of undisclosed data collection or hidden account-management behavior inside a skill that users would reasonably expect to process only sensor/video-derived health signals.

Context-Inappropriate Capability

High
Confidence
95% confidence
Finding
The User model stores identity fields and especially token/open_token values, introducing credential and personal-data handling that is not justified by the stated non-contact vital-sign monitoring function. In this context, the capability is more dangerous because the skill appears health-related, so users may not expect account-token persistence and may grant trust they would not otherwise give.

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
The DAO initializes a file-backed SQLite database, creates tables, and alters schema at runtime, enabling persistent state and local data retention beyond what an analysis-only monitoring skill description suggests. This broadens the attack and privacy surface because the skill can silently accumulate and modify local records unrelated to transient camera analysis.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
This utility layer performs account lookup, implicit user creation/login, token retrieval, and local token persistence, which is unrelated to a camera-based vital-sign analysis function. That hidden identity and credential handling expands the skill’s privileges and can cause unauthorized account creation, session reuse, or unintended backend access without clear user consent.

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
The code returns instructions to install a payment skill and recharge an account when a 402 condition occurs, which is outside the declared medical-monitoring purpose of the skill. This creates an unexpected monetization path and can socially engineer users into enabling additional capabilities unrelated to vital-sign analysis.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The default trigger is broad enough that general requests involving videos and health monitoring could automatically activate this skill. Because activation leads to local file saving and cloud analysis of sensitive biometric/health data, overbroad triggering raises the risk of processing data the user did not clearly intend to submit to this workflow.

Vague Triggers

Medium
Confidence
87% confidence
Finding
History-report lookup is triggered by broad keywords without strong scope checks or confirmation. In this skill, that can cause unintended retrieval of prior health-analysis reports from a cloud service, exposing sensitive historical biometric data when the user may only be asking a general question.

Missing User Warnings

High
Confidence
95% confidence
Finding
The skill routes user videos and derived health metrics to a cloud API but does not present a clear privacy warning at the point where data collection and transmission are described. Given that facial video and inferred vital signs are highly sensitive biometric/health-related data, omission of explicit disclosure and consent materially increases privacy and compliance risk.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill asks the user to provide a username or phone number as open-id without a clear warning that this is a sensitive identifier that may be stored or used to query historical health reports. Using common personal identifiers for account linkage in a medical-adjacent workflow increases the risk of account enumeration, privacy leakage, and unintended association of health data with real-world identity.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The code reads arbitrary local video files into memory and sends them to a remote analysis API, or forwards a supplied URL for remote processing, without any user-facing notice, consent flow, or privacy disclosure in this component. Because this skill processes highly sensitive health-related biometric data from camera footage, silent transmission materially increases privacy and compliance risk and could expose intimate personal information to external services.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The script collects a personal identifier and sends video for remote analysis without presenting any explicit privacy notice, consent prompt, or data-handling explanation. Because the skill processes camera footage and infers vital signs, the missing transparency materially increases privacy risk and the likelihood of improper collection or transfer of sensitive personal data.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
Persisting token and open_token fields in a local SQLite database creates a clear credential exposure risk if the database file is read, copied, or backed up insecurely. In a health-monitoring skill context, this is especially concerning because secret storage is unexpected and may occur without informed user consent or hardened secret-management controls.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The request helper automatically injects user identifiers and authentication tokens into outbound HTTP requests, and may also create accounts using a mobile/openId value, without any visible disclosure in this code path. In a health-related skill, silent transmission of identity and session data is especially sensitive because it can link medical usage with user accounts and backend services.

VirusTotal

66/66 vendors flagged this skill as clean.
