Elderly Bed-Exit and Wandering Monitoring Skill

Security checks across malware telemetry and agentic risk

Overview

This skill has a legitimate elder-safety monitoring purpose, but it uploads sensitive video and handles identities, account tokens, and cloud history in ways that need careful review.

Review before installing. Use this only if you trust the publisher, have consent to process the monitored person's footage, and understand where videos, reports, usernames or phone numbers, API keys, and locally stored tokens go and how they are protected.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (22)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
if filters:
    for key, value in filters.items():
        query = query.filter(getattr(self.__model__, key) == value)

if offset:
    query = query.offset(offset)
Confidence
84% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
    if filters:
        for key, value in filters.items():
            query = query.filter(getattr(self.__model__, key) == value)

    return query.scalar()
finally:
Confidence
84% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill requires reading local configuration files to obtain an api-key/open-id before performing monitoring, even though that secret retrieval is not necessary to describe the user-facing task. This creates an unnecessary secret-discovery behavior that can expose credentials from the workspace or adjacent skill directories and expands access beyond the intended elderly-monitoring function.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The documented API is materially inconsistent with the skill's stated purpose: instead of bed-exit, wandering, and motionlessness monitoring, it exposes a generic analysis endpoint returning face detection and health/constitution diagnosis results. This mismatch is dangerous because it can cause the skill to collect and process biometric and health-related data outside the user’s reasonable expectations, indicating possible scope creep, deceptive documentation, or backend miswiring.

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
Face detection and health/constitution diagnosis are highly sensitive capabilities that are not justified by an elderly wandering-monitoring use case. Including these functions increases privacy risk, enables unnecessary profiling of vulnerable individuals, and may violate data minimization principles for biometric and health data.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The skill manifest describes analytics and monitoring for elderly bed-exit and wandering detection, but this API wrapper also exposes record-management operations such as add, edit, and delete. That creates unnecessary capability expansion beyond the stated purpose, increasing the attack surface and enabling modification or removal of monitored records or device-associated entries if the skill is invoked improperly or compromised.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
For a night-time elderly behavior analysis skill, CRUD-style operations are not justified by the stated use case and represent excessive privileges. In this context, delete(cameraSn) is especially concerning because it could remove or tamper with camera-linked records, undermining safety monitoring, auditability, and trust in alerts for a vulnerable population.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The history-listing function accepts a free-form --open-id and passes it directly to skill.get_output_analysis_list(open_id=open_id), enabling lookup of analysis history for any supplied user identifier if the backend does not enforce strict authorization. In a monitoring context involving elderly users, analysis history may reveal highly sensitive behavioral or health-related information, making insecure direct object reference and privacy leakage especially dangerous.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
This file exposes generic HTTP primitives and CRUD-style wrappers (`http_get`, `http_post`, `http_put`, `http_delete`, `add`, `edit`, `delete`) that can send requests to arbitrary URLs, which is far broader than the stated elderly monitoring purpose. In an agent skill context, such unrestricted network capability can be repurposed for unauthorized outbound access, data exfiltration, or invoking destructive remote actions, especially because there is no visible allowlist, authentication boundary, or scope restriction in this file.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The implementation performs remote resource management and generic network operations, including download URL generation and broad request forwarding, which exceeds the declared behavioral scope of bed-exit/wandering analysis. That mismatch increases risk because users and reviewers may expect passive analysis while the code can perform arbitrary outbound interactions and potentially manipulate remote systems.

Description-Behavior Mismatch

High
Confidence
93% confidence
Finding
The file defines generic user-account persistence including username, email, birthday, token, and open_token storage, which is unrelated to the declared elderly behavior monitoring purpose. In a mismatched skill context, unexplained credential/token storage materially increases the risk of privacy violations, secret retention, and covert data collection beyond user expectations.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
This utility provides broad outbound HTTP capability, automatic authentication handling, and account lifecycle behavior that significantly exceeds a bedside monitoring/analysis skill's stated purpose. In this context, the module can transmit data to external services and invoke unrelated platform actions, increasing the risk of unauthorized data exfiltration, hidden backend coupling, and misuse of user identity.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The `_get_or_create_user` flow silently calls a remote `/sys/phoneLogin` endpoint with `register: 1`, enabling automatic remote account creation or login based on a username/mobile value. For an elderly wandering-monitoring skill, hidden user provisioning is unjustified and dangerous because it can create accounts without informed consent and bind sensitive monitoring activity to externally managed identities.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The code retrieves, refreshes, and persists tokens and user records locally through DAO operations, even though this file is part of a monitoring-analysis skill. That creates unnecessary credential handling and stateful identity management, which broadens the attack surface and risks token leakage, replay, or unauthorized reuse if storage or logs are compromised.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The default trigger activates whenever a user provides a nighttime monitoring video for elderly abnormal-behavior detection, without requiring strong confirmation or narrower routing conditions. Overbroad triggering can cause the agent to process sensitive video unexpectedly, invoke networked analysis, and collect identifiers when the user may not have intended to use this specific skill.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The historical-report workflow is triggered by broad keywords such as viewing report lists, which can cause automatic cloud queries for prior monitoring records without clear scoping or consent checks. In a healthcare-adjacent context, unintended retrieval of historical reports increases privacy risk because it may expose sensitive behavior data tied to an identifiable elderly person.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill describes continuous nighttime camera monitoring and alerting, but does not prominently warn about privacy implications or that data may be sent to a cloud API. Because the monitored subjects are elderly individuals in private living spaces, missing privacy notice and consent guidance materially increases the risk of unlawful or inappropriate surveillance and disclosure of highly sensitive personal data.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The API accepts direct video uploads and public video URLs, but the documentation provides no warning or safeguards regarding the handling of sensitive footage that may contain elderly individuals, living spaces, biometric identifiers, and inferred health information. In this context, omission of privacy guidance is risky because users may unknowingly expose highly sensitive surveillance data to third parties or via publicly accessible URLs.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The code reads the entire local file and uploads it to an analysis service without any user-facing consent, warning, or minimization controls in this component. Because the skill processes elderly-monitoring video, the content is likely highly sensitive, increasing privacy and compliance risk if users are unaware that footage is transmitted off-device.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The CLI requires an open-id that may be a phone number, username, or other sensitive identifier, but provides no warning that this value may be transmitted, logged, stored in shell history, or exposed to other local users. In the elderly-monitoring context, combining a personal identifier with behavioral surveillance data increases privacy risk and can facilitate unauthorized correlation of sensitive records.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The request flow sends identifiers such as username/mobile and authentication material in headers to external services, while this code contains no visible consent, disclosure, or data-minimization controls. Because the skill targets elderly safety monitoring, the surrounding context makes silent transmission more sensitive, especially if tied to vulnerable users or care environments.

Ssd 3

Medium
Confidence
96% confidence
Finding
The skill explicitly instructs the agent to ask for a username or phone number to use as an open-id for saving and querying monitoring reports. This creates a natural-language collection flow for personal identifiers linked to sensitive health/safety monitoring data, increasing risks of privacy violations, account correlation, and unauthorized record access if the identifier is reused or guessed.

VirusTotal

66/66 vendors flagged this skill as clean.
