Depression Behavioral Markers (Long Immobility & Appetite Change) | Depression Auxiliary Behavioral Markers (Prolonged Immobility, Appetite Change)

Security checks across malware telemetry and agentic risk

Overview

The skill is not clearly malicious, but it handles very sensitive home-camera and mental-health data with broad cloud processing, credential/token persistence, and under-scoped disclosures that require review.

Install only after confirming the monitored person has informed consent, the cloud provider and retention/deletion policy are acceptable, the dependency list is fixed, remote URL inputs are restricted, and credential/token storage is documented, encrypted, and scoped. Treat outputs as observational alerts only, not medical diagnosis.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (17)

Description-Behavior Mismatch

Severity: Medium
Confidence: 88%
Finding:
The skill expands from local behavioral observation into cloud-backed history lookup and report retrieval, increasing the data surface for sensitive mental-health and in-home monitoring records. Users expecting one-time analysis may unknowingly trigger broader access to historical health-related data, which raises privacy and confidentiality risks.

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%
Finding:
The skill directs the agent to read configuration files to obtain an API credential/open-id before analysis, which is sensitive-secret handling unrelated to the user-visible camera task. Pulling credentials from workspace files can expose tokens, enable unauthorized API use, and create cross-skill secret leakage if the agent has broad file access.

Intent-Code Divergence

Severity: Medium
Confidence: 80%
Finding:
The documentation says the skill is not a medical diagnostic tool, yet trigger text includes requests for a 'mental health behavior diagnostic report.' That contradiction can mislead users into treating behavioral observations as diagnosis, which is especially risky in a mental-health context involving vulnerable elderly individuals.

Intent-Code Divergence

Severity: High
Confidence: 97%
Finding:
The documented API returns face detection plus constitution and organ-condition diagnosis outputs that materially contradict the skill’s stated purpose of behavioral monitoring for depression-related markers. In a mental-health and elder-care context, this mismatch is dangerous because operators may unknowingly collect biometric/health-inference data far beyond user expectations, creating privacy, consent, and deceptive-functionality risks.

Description-Behavior Mismatch

Severity: High
Confidence: 98%
Finding:
The referenced API behavior is inconsistent with the manifest’s claimed depression behavioral-marker analysis, indicating either the skill is misrepresented or it is wired to an unrelated backend. This is dangerous because it can cause hidden data repurposing, misleading users and integrators about what analysis is performed on sensitive home-camera footage.

Context-Inappropriate Capability

Severity: Medium
Confidence: 65%
Finding:
This skill exposes a camera-linked deletion operation via delete(cameraSn), which is not justified by the stated behavioral-monitoring purpose. In a home mental-health monitoring context, an unnecessary delete capability could allow removal of camera-associated configuration or analysis records, undermining monitoring continuity, alerting, auditability, and user trust if invoked by an unauthorized or over-privileged caller.

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%
Finding:
The skill accepts arbitrary http/https video URLs and forwards them for analysis, which expands the trust boundary beyond the intended fixed home camera/local monitoring scenario. In a health-monitoring context involving highly sensitive bedroom and dining-area footage, this can enable analysis of untrusted remote content, accidental processing of third-party surveillance feeds, and potential server-side request abuse depending on how the downstream analysis service fetches URLs.

Description-Behavior Mismatch

Severity: Medium
Confidence: 91%
Finding:
The manifest describes a narrowly scoped home-monitoring use case, but the script accepts arbitrary local files and arbitrary remote URLs, greatly expanding what content can be analyzed. In a privacy-sensitive mental-health context, this broader input surface can enable misuse on unrelated or unauthorized videos and may also expose downstream systems to untrusted remote content ingestion.

Context-Inappropriate Capability

Severity: Medium
Confidence: 94%
Finding:
Allowing arbitrary user-supplied remote video URLs is dangerous because it can be abused to make the backend fetch attacker-controlled resources, potentially enabling SSRF-like behavior, access to internal services, or ingestion of malicious/unexpected content. In this skill's context, the feature is especially risky because the stated purpose does not require general-purpose remote fetching, so the extra capability is unjustified and enlarges the attack surface around sensitive health-related analysis workflows.

Description-Behavior Mismatch

Severity: High
Confidence: 95%
Finding:
The file defines a generic user DAO and a sys_user model with fields for username, email, token, and open_token, which materially exceed the stated purpose of depression-related behavioral observation from home cameras. In a high-sensitivity monitoring context involving elderly or solo-living individuals, unexplained credential and identity persistence broadens the data-collection surface and increases the consequences of compromise or misuse.

Context-Inappropriate Capability

Severity: High
Confidence: 97%
Finding:
Storing token and open_token fields in a local SQLite-backed DAO introduces credential/secrets handling capability unrelated to the declared monitoring function. In a privacy-critical home surveillance and mental-health setting, unnecessary secret storage creates a meaningful risk of unauthorized account access, secondary system compromise, and sensitive user linkage if the local database is exposed.

Context-Inappropriate Capability

Severity: High
Confidence: 92%
Finding:
This utility transparently provisions or looks up a health-platform user and injects authentication tokens into outgoing requests, behavior that is materially broader than the stated purpose of camera-based behavioral observation. In a mental-health monitoring context, silently creating accounts and binding requests to a user identity can cause unauthorized collection, transmission, and persistence of sensitive health-related identifiers and tokens, especially if reused by multiple skills through shared utility code.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding:
The default trigger condition is broad enough to activate on routine home-video analysis requests, potentially causing unintended analysis of sensitive bedroom and dining footage. In this context, accidental activation is dangerous because it can transmit or process highly private in-home monitoring data without sufficiently specific user intent.

Missing User Warnings

Severity: High
Confidence: 97%
Finding:
The skill handles highly sensitive bedroom and dining-area video, automatically saves uploaded media locally, and relies on cloud/API processing, yet does not clearly warn users about storage and transmission. For intimate in-home footage tied to mental-health inference, inadequate disclosure creates severe privacy, consent, and compliance risk, including exposure of vulnerable individuals' daily routines and health-related signals.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The documentation instructs clients to upload video files or public video URLs containing highly sensitive in-home footage, but provides no warning about privacy, retention, consent, or secure handling. Given the skill monitors bedrooms and dining areas for mental-health-related signals, omission of data-handling safeguards materially increases the risk of unauthorized surveillance, overcollection, and regulatory noncompliance.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
This code reads local video files into memory or forwards remote video URLs to an external analysis service without any visible user-facing notice, consent flow, or data-minimization control. Because the skill is explicitly designed for intimate home monitoring of elderly or solo-living individuals in bedrooms and dining areas, silent transfer of this data creates substantial privacy, compliance, and misuse risk.

Missing User Warnings

Severity: Low
Confidence: 80%
Finding:
The code derives a writable database path from the workspace and silently creates a local SQLite database for persistent storage. In this skill's context, that storage can contain highly sensitive behavioral-monitoring outputs and user-linked data, so undisclosed local persistence increases privacy and confidentiality risk, especially on shared hosts or weakly protected deployments.

VirusTotal

66/66 vendors flagged this skill as clean.
