Elderly Medication Compliance (Pick-up / To-mouth / Swallow)

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill needs review because it handles sensitive elderly-care video and identifiers through remote services while bundling broader health/face analysis and account-token handling than its medication-checking purpose clearly supports.

Install only after the publisher narrows the skill to medication-compliance endpoints, removes unrelated health/face and pet-analysis code, fixes the yaml dependency, and documents exactly what video, identifiers, tokens, and reports are sent or stored. Users should require explicit consent for cloud upload and history lookup, avoid passing phone/open-id values on the command line, and confirm how local videos and saved tokens can be deleted.

SkillSpector (23)

By NVIDIA

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill claims to only analyze medication-taking video, but it also fetches cloud-hosted historical reports tied to a user identifier. That expands data processing from a single analysis task to ongoing access to sensitive medical-adjacent history, creating privacy and overcollection risks if triggered unexpectedly or for the wrong account.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The workflow requires collecting an open-id from config files or direct user input, which is a materially different operation from simple visual analysis. Because the identifier is used to save/query backend records, the skill introduces account linkage and potential cross-user data exposure that is not obvious from the high-level description.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The skill instructs the agent to read configuration files to obtain an API key/open-id, effectively turning a video-analysis task into credential discovery. Reading secrets from local config paths is dangerous because it can expose tokens or identifiers without clear user awareness and can be repurposed to access backend data beyond the requested task.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The medication-compliance skill's analysis method injects a petType parameter and includes commented-out scene selection logic, indicating code reuse or behavioral mismatch with the stated healthcare purpose. In a health-monitoring workflow, sending unrelated analysis parameters can route data to the wrong backend model or processing path, causing incorrect medication-compliance decisions, false alerts, or missed adherence failures involving vulnerable elderly users.

Intent-Code Divergence

High
Confidence
90% confidence
Finding
The inline comment explicitly states that a pet-type parameter is being added, which directly contradicts the declared medication-monitoring functionality and strongly suggests the service may be wired to an unrelated inference flow. In this safety-critical context, such hidden domain mismatch increases the risk of misclassification, unreliable compliance reports, and caregiver actions based on incorrect medical-monitoring output.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The documented API endpoint and response schema describe a generic facial/health diagnosis service, not a medication-compliance workflow based on pickup, to-mouth, and swallow detection. This mismatch is dangerous because it indicates the skill may transmit sensitive elder video to an unrelated remote biometric/health-analysis service, creating undisclosed functionality, privacy exposure, and a strong risk of deceptive or out-of-scope data processing.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The response body explicitly returns face detection and health/constitution diagnosis fields unrelated to the stated skill purpose of monitoring medication adherence. In the context of elderly care, this expands processing into sensitive biometric and inferred health profiling without clear necessity, which raises the risk of privacy harm, regulatory noncompliance, and misuse of highly sensitive data.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The implementation materially differs from the declared elderly medication-compliance purpose and instead exposes generic analysis/report handling, including health/face-analysis response paths. This kind of capability mismatch is dangerous because users or integrators may grant access to sensitive elder-care video under false assumptions, while the skill actually routes data through broader APIs and produces unrelated outputs, undermining consent, trust boundaries, and safe deployment review.

Intent-Code Divergence

Medium
Confidence
81% confidence
Finding
The code comments and output behavior imply API-returned reports are authoritative, yet the rendered content can include unrelated health/face assessment fields. In a healthcare-adjacent elder-monitoring context, mixing unrelated assessments into report output can mislead operators, cause incorrect downstream decisions, and conceal what data categories are actually being processed.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The file implements generic persistence for user identities, profile attributes, and authentication-like tokens despite the advertised skill being limited to medication-compliance camera monitoring. This functionality expansion increases the privacy and security attack surface, creates opportunities for unnecessary collection of sensitive data, and may indicate undeclared account or tracking behavior.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The model stores token, open_token, email, birthday, age, and sex, which are sensitive account and profile fields unrelated to simple observation of medication-taking steps. In a skill focused on elderly monitoring, collecting and persisting this data materially raises privacy harm, breach impact, and regulatory risk if the database is exposed or reused beyond the declared purpose.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The generic HTTP helper performs account lookup, auto-registration/login via a phone-login API, token acquisition, and local credential persistence, which is far beyond a medication-compliance camera skill's stated function. In this context, silently creating or reusing user identities and storing tokens expands the attack surface, can trigger unauthorized account actions, and enables covert data exfiltration or cross-service access if the utility is invoked by the skill.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The helper `_get_or_create_user` sends `mobile`, `openId`, and registration flags to a remote `/sys/phoneLogin` endpoint and can create an account automatically. For a medication adherence monitoring skill, this is unrelated and dangerous because it couples health-related operation with undisclosed identity provisioning, potentially creating accounts or linking identities without informed consent.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The default trigger is broad enough that the skill may activate on any uploaded medication-area video, even when the user did not clearly request compliance analysis. Overbroad activation increases the chance of sending sensitive household health footage to local storage or cloud processing without sufficiently specific intent.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The history-report query triggers are broad and ambiguous, making it easy for ordinary phrasing to initiate retrieval of cloud-stored compliance records. In a health-related context, accidental retrieval of past reports can expose sensitive behavior patterns and linked account data beyond the user's immediate intent.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The workflow says uploaded videos are automatically saved locally, but this is not surfaced as a prominent warning in the skill description. Automatic local persistence of medication footage increases privacy risk, retention risk, and potential unauthorized access to highly sensitive health-related household recordings.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill does not prominently warn that videos and user identifiers are sent to cloud APIs and history services, despite handling highly sensitive elder-health behavior data. Hidden remote transfer of such data creates serious privacy, compliance, and trust risks, especially if users assume analysis is local or limited to the current session.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Collecting a sensitive identifier such as OpenID, username, or phone number via a CLI flag can expose it through shell history, process listings, audit logs, and job schedulers. In this healthcare-related skill, that identifier may be linkable to medication-monitoring records, increasing privacy risk and potential regulatory exposure if local users or monitoring tools can read process arguments.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The API supports uploading videos or providing public video URLs to a remote analysis service, yet the documentation gives no warning about handling of sensitive biometric and health-related data. Because the monitored subjects are elderly people in private homes or care settings, silent remote transfer of medication-area video materially increases privacy, surveillance, and data-protection risk.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill reads local files into memory for upload or forwards remote video URLs to an analysis API without any visible notice, consent flow, or minimization controls in this code. Because the described use case involves continuous monitoring of elderly people in private homes or care facilities, silent transmission of highly sensitive video creates substantial privacy, compliance, and data-governance risk.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The script requires an --open-id value and stores it in a global runtime constant, then uses downstream functions that may transmit or log it without any minimization, masking, or privacy notice. In the context of elderly medication monitoring, this identifier is tied to sensitive health-adjacent behavioral data, increasing privacy risk if logs, reports, or API calls are exposed.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The request helper automatically attaches identifying fields such as `pnaUserName`, tenant/platform metadata, and authentication headers (`X-Access-Token`, `X-Api-Key`, `Authorization`) to outbound requests without any visible user-facing disclosure in this code. In a health-oriented skill, hidden transmission of identity and auth data is especially sensitive because it may link medication behavior with personal identifiers across backend services.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The user lookup/creation helper posts `mobile` and `openId` to a remote endpoint with no visible disclosure, consent, or data minimization controls in this file. Because this skill processes elderly medication adherence, undisclosed transfer of identifiers increases privacy risk and can expose sensitive health-adjacent behavioral data when identities are linked server-side.

Static analysis

Install untrusted source

Warn
Finding
Install source points to URL shortener or raw IP.

Dep not found on registry

Critical
Finding
1 package(s) referenced in dependency files do not exist on their public registries: yaml (pypi)

VirusTotal

VirusTotal findings are pending for this skill version.
