Elderly Fall Detection Skill

Security checks across malware telemetry and agentic risk

Overview

The skill is related to fall detection, but it under-discloses sensitive cloud media upload, account/token handling, and report-history access.

Review before installing. Only use this skill if you are comfortable sending elder-care images/videos or public media URLs, usernames or phone-like identifiers, and report-history requests to the publisher's remote services, and if local storage of account/profile data and tokens is acceptable in your environment. Prefer a dedicated account identifier, avoid exposing private media through public URLs, and do not use it for regulated care workflows without separate privacy, consent, and authorization controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (19)

Context-Inappropriate Capability

Medium (92% confidence)
Finding:
The skill instructs the agent to read local configuration files to obtain an open-id/api-key before analysis, which expands access to local secrets beyond the user's direct request. That is risky because a media-analysis skill does not inherently need to inspect workspace config files, and doing so may expose credentials or identifiers stored for other components.

Intent-Code Divergence

High (98% confidence)
Finding:
The documented endpoint and response schema do not match the stated purpose of elderly fall detection; instead, they describe face detection and health/constitution diagnosis. This indicates scope drift or deceptive capability disclosure, creating a serious risk that the skill collects and processes sensitive biometric and health-related data unrelated to its advertised function.

Context-Inappropriate Capability

High (99% confidence)
Finding:
The API response includes facial analysis and health/constitution diagnosis outputs that are not necessary for detecting whether an elderly person has fallen. In a home-monitoring context involving elderly users, this unnecessarily expands collection of highly sensitive biometric and inferred health data, increasing privacy, compliance, and misuse risks.

Description-Behavior Mismatch

Medium (92% confidence)
Finding:
The skill accepts arbitrary HTTP/HTTPS URLs and generic local video files, then forwards them to a remote analysis service, which is materially broader than the manifest's narrowly stated elderly fall-detection purpose. This scope mismatch can enable unexpected surveillance, processing of unrelated sensitive footage, and user confusion about what data is being sent off-device.

Context-Inappropriate Capability

Medium (88% confidence)
Finding:
The skill exposes report-history retrieval and report-image export URL generation, capabilities that exceed the manifest's stated real-time detection/alarm function. If access controls are weak elsewhere, this expands the attack surface for browsing prior analyses or obtaining links to potentially sensitive reports containing elderly home-monitoring data.

Description-Behavior Mismatch

Medium (87% confidence)
Finding:
The file implements generic user-account persistence, including a sys_user table and user DAO, which does not align with a fall-detection analysis skill. In a safety-monitoring context, unexplained identity/account storage increases the attack surface and suggests hidden collection of user data beyond the stated purpose. While not inherently malicious, the mismatch is a real security/privacy concern because it enables retention of sensitive user records without clear need.

Context-Inappropriate Capability

High (97% confidence)
Finding:
The User model stores sensitive personal and authentication data including email, birthday, age, token, and open_token, none of which is justified by the stated fall-detection purpose. In a home elderly-monitoring context, collecting and persisting these fields creates significant privacy and credential-compromise risk if the local database is accessed, copied, or mishandled. Storing tokens in plaintext is especially dangerous because it can directly enable account or API abuse.

Description-Behavior Mismatch

High (96% confidence)
Finding:
The HTTP utility silently performs user lookup, auto-registration/login, and local persistence of auth tokens in a generic helper that is unrelated to a fall-detection skill’s stated purpose. This expands the skill’s behavior into identity/account management and credential handling without clear user consent, increasing the risk of unauthorized account creation, token misuse, and covert data collection if the helper is invoked.

Context-Inappropriate Capability

Medium (87% confidence)
Finding:
The request helper injects an unrelated payment/recharge workflow when a 402-like condition occurs, which is outside the declared safety-monitoring function of the skill. Embedding upsell/payment instructions in low-level utility code can mislead users, mask operational failures, and create an unexpected monetization path tied to account state.

Vague Triggers

Medium (87% confidence)
Finding:
The trigger phrases for historical report queries are broad enough to activate on ordinary user language, which can cause unintended retrieval of cloud-stored report data. In a health/safety monitoring context, accidental report listing can expose sensitive elderly-care records or incident history without a sufficiently deliberate user request.

Vague Triggers

Medium (89% confidence)
Finding:
Automatically triggering the skill whenever a user uploads monitoring images or videos is too broad and can cause unintended analysis and remote transmission of sensitive home-monitoring media. Because the content involves elderly home surveillance, mistaken activation materially raises privacy risk even if the user did not ask for fall detection specifically.

Missing User Warnings

High (96% confidence)
Finding:
The skill does not clearly warn that uploaded photos/videos and historical report requests are sent to a cloud API, despite handling highly sensitive in-home monitoring data. This omission undermines informed consent and could lead users to disclose private surveillance footage, health-adjacent incidents, and household information without understanding the transfer to a remote service.

Missing User Warnings

Medium (91% confidence)
Finding:
Requesting a username or phone number as open-id without a clear privacy explanation collects personal identifiers beyond the immediate media-analysis request. In this context, combining identifiers with fall-detection reports can create sensitive profiling and linkage risks if users are not clearly told why the data is required and how it will be stored or shared.

Missing User Warnings

Medium (93% confidence)
Finding:
The documentation instructs users to upload videos or provide publicly accessible video URLs but gives no guidance on privacy, retention, access control, or handling of potentially sensitive footage from private homes. For elderly monitoring, such omissions are especially dangerous because the videos may contain intimate in-home activity and vulnerable individuals.

Missing User Warnings

Medium (95% confidence)
Finding:
The code reads arbitrary local file contents into memory and uploads them to a remote analysis endpoint without any user-facing warning or consent mechanism in this file. Because the skill processes home-monitoring video of elderly individuals, the data is highly sensitive and silent exfiltration to a remote service creates meaningful privacy and compliance risk.

Missing User Warnings

Medium (88% confidence)
Finding:
The script requires an --open-id value and describes it as potentially being an OpenID, user ID, username, or phone number, then stores and uses it to query analysis history without any privacy notice, minimization, masking, or validation. In a home elderly-fall-detection context, these identifiers are tied to sensitive health/safety monitoring activity, so collecting and transmitting them without safeguards increases privacy and compliance risk.

Missing User Warnings

Medium (90% confidence)
Finding:
Enabling urllib3/http.client debug logging can expose full request and response details, including headers, tokens, identifiers, and potentially sensitive monitoring data, to console or log sinks. In a home safety context handling elderly monitoring workflows, such leakage increases privacy and credential exposure risk even if gated behind a debug flag.

Missing User Warnings

Medium (94% confidence)
Finding:
The helper posts mobile/openId-style identifiers to a remote login/registration endpoint automatically, without any visible consent or purpose limitation in this module. Because the skill is presented as fall detection for elderly home monitoring, undisclosed transmission of personal identifiers to create or access accounts is especially sensitive and outside reasonable user expectation.

Missing User Warnings

Medium (95% confidence)
Finding:
The request wrapper automatically reads, sets, and transmits authentication tokens, API keys, tenant identifiers, skill-platform metadata, and user identifiers on outgoing requests, with no clear boundary between required telemetry and sensitive account data. In a fall-detection skill, this broad implicit propagation of credentials and identity data creates unnecessary exposure and makes misuse or accidental leakage across endpoints more likely.

VirusTotal

VirusTotal findings are pending for this skill version.