Elderly Hand Resting-Tremor Detection | 老年人手部震颤(静止性)识别

Security checks across malware telemetry and agentic risk

Overview

The skill appears intended for tremor analysis, but it needs Review because it sends sensitive health videos and identifiers to a remote service and silently creates or caches account tokens locally.

Install only if you trust the remote Life Emergence/SMYX service with elderly health videos and identity-linked report history. Before use, confirm consent from the person being recorded, avoid providing a phone number unless required, understand that account tokens/profile data may be stored locally, and review or fix the dependency list before installation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (24)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
if filters:
    for key, value in filters.items():
        query = query.filter(getattr(self.__model__, key) == value)

if offset:
    query = query.offset(offset)
Confidence
79% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
    if filters:
        for key, value in filters.items():
            query = query.filter(getattr(self.__model__, key) == value)

    return query.scalar()
finally:
Confidence
79% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The skill goes beyond one-time video analysis by retrieving cloud history reports and binding activity to a persistent open-id. In a sensitive health context, this expands data linkage and retention risks, enabling profiling of an elderly person's neurological history beyond what users may expect from a screening tool.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to read configuration files and use api-key/open-id credentials, including searching workspace paths for secrets. This is dangerous because it normalizes secret discovery and credential reuse from local files, which can lead to unauthorized access, cross-skill secret exposure, and abuse of stored credentials.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The manifest presents the skill as performing AI video-motion analysis, but the implementation is described as uploading files or URLs to a remote API for server-side processing. This is dangerous because users may believe analysis is local when sensitive health video is actually transmitted off-device, affecting privacy, consent, and compliance expectations.

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
The code injects a petType parameter into analysis requests for a skill that is supposed to analyze elderly hand tremors. This strongly suggests code reuse from an unrelated animal-focused skill, creating a semantic mismatch that can misroute requests, trigger the wrong model or policy path, and cause unsafe medical-screening outputs. In a health-related skill, such misclassification or backend confusion is more dangerous because users may rely on inaccurate risk alerts for Parkinsonian tremor.

Intent-Code Divergence

High
Confidence
95% confidence
Finding
The inline comment explicitly says a pet-type parameter is being added, directly contradicting the skill's stated medical purpose. This is evidence of copy-paste integration from an unrelated skill and increases confidence that the request contract is wrong, which can lead to incorrect backend behavior, model selection, or data handling. Because this skill may influence caregiver decisions about neurological health, such implementation confusion materially raises safety and security risk.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The documented API endpoint and response schema describe a generic face-detection and broad health/constitution diagnosis service, which materially conflicts with the stated skill purpose of detecting hand resting tremor from video. In a medical-screening context, this mismatch is dangerous because integrators may send elderly users' videos to an unrelated analysis pipeline, causing unauthorized biometric/health inference, misleading outputs, and unsafe downstream medical alerts.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The response format explicitly includes face_detection, organ-condition assessment, complexion analysis, and lifestyle advice unrelated to resting-tremor screening. This represents scope expansion into sensitive biometric and medical profiling beyond the advertised purpose, increasing privacy risk and the chance of deceptive or medically inappropriate conclusions for a vulnerable elderly population.

Description-Behavior Mismatch

Medium
Confidence
87% confidence
Finding
The code accepts arbitrary HTTP(S) video URLs and local files, then forwards them to backend analysis APIs, which materially expands the skill beyond the stated fixed home-camera tremor-screening use case. This increases attack surface and privacy risk because the backend may fetch or process untrusted remote resources and analyze videos outside the declared scope, potentially enabling misuse, unexpected data flows, or SSRF-like behavior depending on backend implementation.

Description-Behavior Mismatch

Low
Confidence
81% confidence
Finding
The skill exposes historical report listings and export URLs even though that capability is not described in the manifest, creating an undocumented data-access surface. In a health-monitoring context, historical records and report links may reveal sensitive medical inference data, so undocumented retrieval functions raise privacy and authorization concerns.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The code accepts an arbitrary remote URL and passes it to backend analysis without any visible allowlisting, scheme restriction, or validation. In a health-monitoring context that is supposed to analyze fixed home-camera footage, this broad input surface can enable misuse of the service, unexpected ingestion of third-party content, and potentially server-side fetching risks in downstream components if the backend retrieves the URL directly.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The CLI requires a broad identifier that may include username or phone number, which is excessive for the stated purpose of running tremor analysis. Because this skill processes sensitive health-related output, collecting unnecessary personal identifiers increases privacy risk, linkage risk, and regulatory exposure if results are stored or listed by that identifier.

Description-Behavior Mismatch

Medium
Confidence
87% confidence
Finding
This module defines persistent user-account storage and mutation capabilities that are unrelated to the stated hand-tremor video screening purpose. In a medical-monitoring skill, collecting and maintaining extra identity/account data broadens the attack surface and creates unnecessary privacy and compliance risk, especially for elderly users.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The model stores token, open_token, email, birthday, age, and sex despite the skill being described as a medical video-screening tool. Persisting authentication-like secrets and sensitive profile data without clear justification is dangerous because compromise of the local SQLite database would expose credentials and personal/health-adjacent data, increasing privacy harm and account takeover risk.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The file for a hand-tremor detection skill contains a generic `ai_chat` capability that is unrelated to the advertised medical-video analysis purpose. Even though the subprocess invocation is currently commented out, the presence of this latent agent-execution pathway expands the attack surface and could later be enabled to send arbitrary prompts or delegate behavior outside the expected skill scope.

Intent-Code Divergence

Medium
Confidence
81% confidence
Finding
The docstring claims the function invokes `openclaw agent` via subprocess, but the implementation does not do that and instead uses a dummy `result: dict = {}`. This mismatch is dangerous because it obscures the real behavior, can mislead reviewers about what code paths are active, and suggests incomplete or intentionally disabled execution logic that may be re-enabled later without proper review.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The utility silently performs remote account creation/login via /sys/phoneLogin, derives identity from a username/openId/mobile value, and persists returned tokens locally through the DAO. That behavior materially exceeds a tremor-screening skill's stated purpose and creates an undisclosed identity, credential, and backend-coupling risk if triggered automatically.

Context-Inappropriate Capability

High
Confidence
95% confidence
Finding
This file implements a broad external API client that injects app IDs, API keys, access tokens, authorization headers, tenant data, skill metadata, and usernames into arbitrary requests. In the context of a home health screening skill, this expands the trust boundary far beyond the declared functionality and makes unauthorized data transmission or backend abuse easier if any caller reaches this utility.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The auto-trigger conditions are broad for a sensitive health-analysis skill, causing analysis or report retrieval to activate on generic symptom keywords and uploaded video presence. In a medical/privacy-sensitive setting, this increases the chance of unintended processing of health data without clear user intent.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill states that uploaded attachments or video files are automatically saved locally, but this is not clearly surfaced as a prominent warning in the manifest's user-facing scope. Automatic local persistence of health-related video increases exposure to unauthorized access, retention beyond user expectation, and accidental disclosure.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The code reads local video files and transmits their contents to an external analysis service without any visible notice, consent prompt, or disclosure in this component. Because the skill handles elderly health videos, the data is highly sensitive and may contain biometric/medical information, making undisclosed transmission a significant privacy and compliance risk.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill forwards user-supplied video URLs to the analysis service without visible warning or confirmation. This creates an undisclosed outbound data flow and, depending on backend behavior, may also cause the service to fetch attacker-controlled URLs or third-party content, which is especially concerning in a medical-monitoring context.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The code transmits user identifiers such as openId/mobile/username and authentication material to external services without any indication here of consent, disclosure, or minimization. Because the skill concerns elderly health monitoring, undisclosed transmission of identity-linked data is more sensitive than in a generic utility and increases privacy and compliance risk.

VirusTotal

VirusTotal findings are pending for this skill version.
