ClawHub

Egg Incubation Monitoring (Turtle/Snake) | 孵化箱内龟蛋/蛇蛋发育监测

Security checks across malware telemetry and agentic risk

Overview

The skill mostly behaves like an external egg-analysis service, but it also uses account identifiers, silent remote account setup, local token storage, broad URL ingestion, and mismatched human-health analysis artifacts that users should review before installing.

Install only if you are comfortable sending egg images/videos, media URLs, and a user identifier such as an OpenID, username, or phone number to the LifeEmergence service. Before use, confirm how accounts are created, how long reports and uploaded media are retained, who can access report links, and where the local SQLite token database is stored. Avoid using sensitive personal footage or private/internal URLs until the publisher narrows the URL handling and documents the account/token flow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (32)

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
Mandatory cloud history queries and report URL exposure go beyond simple image analysis and introduce additional data disclosure paths. Tying records to user identifiers and returning direct links can reveal prior analyses or metadata to unintended users if access control or user awareness is weak.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to read local configuration files to obtain an open-id/api-key-like value, which is a credential access pattern unrelated to ordinary visual analysis. Pulling identifiers from workspace files can leak secrets across skills or users and normalizes unauthorized credential harvesting behavior.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The documentation presents the skill as non-invasive local visual analysis, but the operating instructions route local files or remote URLs to an external API for processing. This discrepancy matters because users may provide sensitive media without realizing it will be uploaded or fetched remotely.

Description-Behavior Mismatch

Medium
Confidence
85% confidence
Finding
The script exposes a history-listing capability keyed only by a supplied `open_id`, which expands behavior beyond the stated egg-analysis/reporting function and can enable unauthorized access to prior analysis records if downstream authorization is weak or absent. In this context, breeder or user history may contain sensitive operational or personal data, so accepting an arbitrary identifier from the CLI increases the risk of insecure direct object reference behavior.

Description-Behavior Mismatch

Low
Confidence
79% confidence
Finding
Allowing arbitrary network URLs as analysis input broadens the trust boundary from fixed local incubator captures to attacker-controlled remote content. If the downstream `skill.get_output_analysis` fetches URLs server-side, this can create SSRF, internal network probing, or unexpected ingestion of untrusted content, which is inconsistent with the declared fixed-camera use case.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The documented API returns face detection and human health/constitution diagnosis results that are fundamentally unrelated to reptile egg incubation monitoring. This mismatch strongly suggests the skill may route user-provided media to an unrelated third-party human-analysis service, creating a serious integrity and privacy risk through unexpected data use and misleading functionality.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The endpoint behavior is semantically unrelated to the declared skill purpose and instead processes human facial and health-related video analysis. In the context of an egg-monitoring skill, this makes the discrepancy more dangerous because users and integrators would not expect animal incubator footage to be sent to a service designed for human biometric or health inference, indicating possible misrouting, deceptive capability claims, or unsafe reuse of an unrelated backend.

Description-Behavior Mismatch

High
Confidence
92% confidence
Finding
The implementation accepts either local files or arbitrary remote video URLs for analysis, which materially exceeds the stated purpose of periodic fixed-camera egg surface image monitoring. This scope expansion enables the skill to be used as a generic media ingestion and external-fetch tool, increasing attack surface for unauthorized data processing, misuse, and abuse of backend analysis services.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
Allowing arbitrary HTTP/HTTPS URLs gives the system a network-fetch capability unrelated to the incubator-camera use case. If the backend resolves and downloads those URLs, an attacker may leverage this for SSRF-like access to internal resources, unexpected outbound requests, or ingestion of untrusted remote content.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The implementation materially diverges from the declared egg-incubation image-monitoring purpose by providing generic video analysis and accepting non-incubator inputs. This kind of capability mismatch is dangerous because it can hide broader data-processing behavior from reviewers and users, enabling unauthorized analysis of unrelated media through the same skill interface.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The undisclosed history/listing feature exposes prior analysis records beyond the narrow manifest description. Hidden retention or retrieval functionality increases privacy and governance risk because users may not realize analysis metadata or outputs are stored and queryable.

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
Accepting arbitrary remote video URLs is unjustified for a fixed-camera incubator-monitoring skill and expands the attack surface significantly. It can be abused to process unrelated external content, trigger server-side fetching of attacker-controlled URLs, or facilitate misuse inconsistent with the declared purpose.

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
Labeling the tool as a generic video-analysis utility contradicts the skill’s declared egg image monitoring function and misleads users about actual capability. Misleading documentation is security-relevant here because it obscures scope, review expectations, and permitted data usage.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The CLI help advertises local and network MP4 processing, which is inconsistent with the manifest’s fixed-camera egg image analysis description. This mismatch can encourage out-of-scope use and masks broader handling of user media than reviewers or operators would expect.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
This file exposes a broad generic API wrapper with pagination, CRUD, and arbitrary HTTP methods that are not constrained to the stated egg-incubation image-analysis purpose. In a skill whose manifest describes narrow visual monitoring, this creates unnecessary capability surface that could be reused to access or modify unrelated backend resources if higher-level callers pass untrusted URLs or payloads.

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
The get_user_by_username capability performs user-account lookup even though the declared skill purpose is incubator monitoring and egg image analysis. This mismatch suggests unnecessary access to identity-related data and could enable user enumeration or retrieval of account details unrelated to the skill's function.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The file defines a generic user-account persistence layer, including identifiers, usernames, real names, email, birthday, and token-like fields, which is unrelated to the declared egg-incubation image-analysis purpose. This scope mismatch is dangerous because it introduces hidden user-data handling and account-management capability that expands the attack surface and may enable unauthorized collection or retention of personal and authentication-related data.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The model stores token and open_token fields even though the skill is described as performing incubator image capture and visual egg analysis. Retaining authentication-like secrets in a local SQLite database is risky because compromise of the host or database file could expose reusable credentials or API tokens unrelated to the stated function of the skill.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
This utility performs authentication bootstrap, token handling, remote account provisioning, and local token persistence, which is unrelated to the stated egg incubation image-monitoring function. Such hidden identity and account-management behavior expands the skill's privileges and creates a covert channel for user enrollment and credential use without clear necessity or consent.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The _get_or_create_user path can create remote accounts using a username/phone-like value and silently register users with an external service. In the context of an egg-monitoring skill, this is unjustified and dangerous because it can enroll users or transmit identifiers to third parties without informed consent, enabling privacy violations and unauthorized account creation.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The code persists token-bearing user records locally after obtaining them from the remote service. Storing authentication material for a skill whose stated purpose is image analysis materially increases compromise impact if the local datastore is accessed, and the persistence is not obviously necessary for the user-facing function.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger conditions are broad enough to activate on common image-analysis or incubation-related requests, which can cause the skill to run when the user did not intend its cloud, file, or account-linked behaviors. Over-broad invocation increases the chance of accidental data handling and unexpected side effects.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
Automatically saving uploaded files locally without a clear warning or retention notice creates unannounced data storage. Even if the media seems low sensitivity, silent persistence increases exposure through later reuse, leakage, or cross-session access.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill mandates cloud API queries using user-linked identifiers without a prominent upfront privacy notice. This can result in users unknowingly transmitting account-associated data and receiving records tied to identity, which is risky if consent and access control are unclear.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The interface explicitly accepts sensitive identifiers including OpenID, username, and phone number without any notice about collection, storage, transmission, or retention. In this skill, that identifier is used for record lookup and may be propagated to backend services, creating privacy and compliance risk if users are not informed and if data minimization is not applied.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal