Elderly Drinking-Cup Pickup Frequency (Dehydration Risk) | 老年人饮水杯拿起频率(脱水风险)

Security checks across malware telemetry and agentic risk

Overview

The skill has a coherent elder-hydration monitoring purpose, but it also uploads sensitive home video, handles identifiers and tokens, silently uses remote account flows, and contains mismatched analysis features that require review before installation.

Install only if you are comfortable sending elder-care home video and identity-linked report data to the publisher’s cloud service. Confirm consent from the recorded person or guardian, use a dedicated non-personal identifier instead of a phone number where possible, and ask the publisher to remove the pet/diagnosis mismatch, silent registration, and broad token storage before using this in a real home or care setting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (20)

Context-Inappropriate Capability

Severity: Medium
Confidence: 96%
Finding
The skill directs the agent to search local configuration files for an api-key/open-id before processing, including workspace-level paths unrelated to the immediate user request. That behavior expands data access beyond the stated video-analysis task and risks unauthorized credential harvesting or reuse of identifiers from other skills or shared directories.

Description-Behavior Mismatch

Severity: Medium
Confidence: 91%
Finding
The operational instructions materially expand the skill from simple cup-pickup counting into historical report retrieval, cloud-backed storage, personal baseline profiling, and proactive report queries. This scope creep matters because it increases collection and processing of sensitive behavioral data without clearly reflecting that expanded behavior in the manifest description or obtaining targeted consent.

Description-Behavior Mismatch

Severity: High
Confidence: 95%
Finding
The code injects a petType parameter into analysis requests for a skill that is explicitly about elderly hydration monitoring. This cross-domain parameter strongly suggests code reuse or hidden behavior that can route data to the wrong model or backend workflow, causing misclassification, unintended data sharing, or execution of logic unrelated to the declared purpose. In a camera-based elder-care context, such undeclared parameterization is especially concerning because it may affect health alerts generated from sensitive household video analysis.

Intent-Code Divergence

Severity: High
Confidence: 96%
Finding
The inline comment explicitly states that a pet-type parameter is being added, directly contradicting the stated elderly drinking-frequency purpose. This is not harmful by itself, but it corroborates that the implementation contains mismatched cross-purpose logic, increasing the likelihood of wrong backend routing, hidden feature carryover, or accidental processing under an unrelated model. In a health-monitoring skill for elderly users, such inconsistencies can undermine trust and lead to unsafe or incorrect alerts.

Intent-Code Divergence

Severity: High
Confidence: 96%
Finding
The documented endpoint performs broad video analysis and returns face detection plus constitution/organ-diagnosis data that do not match the stated purpose of merely counting cup pickup events. In an elderly-care context, this creates strong risk of undisclosed collection and inference of sensitive biometric and health data far beyond what is necessary, violating data-minimization expectations and expanding harm if the service is misused or breached.

Context-Inappropriate Capability

Severity: High
Confidence: 97%
Finding
Including face detection and health/constitution diagnosis for a hydration-monitoring skill is unjustified over-collection of sensitive data. Because the target users are elderly people in homes or care settings, these extra capabilities raise the stakes: they enable biometric processing and medical-like profiling without clear necessity, consent boundaries, or safeguards.

Description-Behavior Mismatch

Severity: Medium
Confidence: 91%
Finding
The code accepts arbitrary http/https video URLs and forwards them to the backend analysis service, which expands the trust boundary beyond the fixed-camera/local deployment described in the skill metadata. This can enable misuse such as analyzing untrusted third-party streams, privacy-invasive remote content ingestion, or backend abuse if the downstream service fetches attacker-controlled URLs.

Description-Behavior Mismatch

Severity: High
Confidence: 93%
Finding
The file defines a persistent user-account model storing identity and authentication-related data such as username, email, token, and open_token, which is materially unrelated to the declared purpose of elderly drinking-frequency video analytics. In a camera-based elder-care context, collecting and retaining extra account/token data expands the privacy and breach impact surface without clear necessity, increasing the risk of unauthorized profiling, token leakage, and overcollection of sensitive personal data.

Context-Inappropriate Capability

Severity: High
Confidence: 91%
Finding
The code includes account-management/auth-adjacent capability through a User model and DAO methods for username-based lookup and mutation, despite the skill being described as a hydration-monitoring analytics feature. In a monitoring system for elderly individuals, adding unjustified account/token handling increases attack surface and creates unnecessary access to personal and authentication data that could be abused if the local database is exposed.

Description-Behavior Mismatch

Severity: High
Confidence: 95%
Finding
The utility layer performs networked login/registration, token acquisition, and persistence to an external health backend, which is materially broader than the skill’s stated purpose of local camera-based cup-pickup counting. This creates undisclosed data flows and account lifecycle side effects that could expose identifiers, create shadow accounts, and couple a simple monitoring feature to remote services without explicit consent.

Context-Inappropriate Capability

Severity: High
Confidence: 96%
Finding
The code can silently create or update user state in an external health system by calling /sys/phoneLogin with register enabled and then saving returned tokens locally. For a hydration-monitoring skill, this is an unjustified privileged side effect that expands the attack surface and can lead to unauthorized account provisioning, identity linkage, and privacy violations.

Context-Inappropriate Capability

Severity: Medium
Confidence: 79%
Finding
The helper exposes generic POST/PUT/DELETE wrappers that enable arbitrary remote state-changing requests from shared code. While common in SDKs, in this skill context it broadens capability well beyond the narrow declared function and makes it easier for other code paths to perform hidden outbound actions or destructive API operations.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding
The automatic trigger phrases for history lookup are broad and ambiguously defined, which can cause unintended activation of cloud report retrieval when a user mentions related topics. In a health-monitoring context, accidental retrieval of prior reports can expose sensitive behavioral and quasi-medical data beyond what the user intended in the current conversation.

Missing User Warnings

Severity: High
Confidence: 97%
Finding
The skill centers on fixed-camera monitoring in private home or care settings and directs use of a cloud API, but it does not present a prominent upfront warning that sensitive household video may be transmitted off-device. Users may therefore provide intimate in-home footage without understanding the transfer, retention, or third-party processing implications.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The API accepts uploaded videos or public video URLs and an API key, but the documentation provides no warning or guidance about handling sensitive household video, elderly subjects, retention, access control, or transmission risks. This omission can lead integrators to send highly sensitive footage to a remote service without proper user notice, consent, or secure operational practices.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The skill reads full local video files into memory for upload or forwards remote video URLs to an external analysis service without any visible user-facing notice, consent flow, or data-handling disclosure in this code path. Because the skill processes home-monitoring video of elderly people in private spaces, silent transmission of this sensitive footage materially increases privacy and compliance risk.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The CLI requires an --open-id value and explicitly documents that it may be an OpenID, user ID, username, or phone number, all of which are sensitive identifiers. In a health-monitoring context for elderly hydration risk, collecting and processing directly identifying data without any privacy notice, minimization, or pseudonymization increases the chance of privacy harm, accidental disclosure in shell history/logs, and noncompliant handling of health-adjacent personal data.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The tool accepts a remote --url and passes it into backend analysis without warning the user that external content will be fetched and potentially transmitted for processing. In this skill's context, the content is video from inside a home or care setting focused on an elderly person's behavior, making silent transmission of remote video especially sensitive from a privacy and consent perspective.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The request path injects user identifiers and authentication material into outbound requests, yet this file shows no notice, consent, or transparency mechanism for such transmission. In a camera-based elderly-care setting, undisclosed transmission of identity-linked data is especially sensitive because it may involve vulnerable individuals and caregiver-managed accounts.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The helper automatically performs remote phoneLogin/registration without any visible user-facing disclosure or approval gate. Silent enrollment is dangerous because users may be unaware that using a local-seeming monitoring feature causes external account creation and associated processing of identifiers.

VirusTotal

64/64 vendors flagged this skill as clean.
