Elderly Night Bed-Exit & Wandering Detection | 老年人夜间离床时长与徘徊识别

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill’s elder-monitoring purpose is plausible, but it sends highly sensitive bedroom video and identifiers to cloud services while also using under-disclosed account creation, token storage, and generic health/face-analysis code paths.

Review carefully before installing. Only use this with explicit consent from the monitored person or their legal representative, avoid phone numbers as identifiers where possible, do not upload public video URLs unless they are protected and time-limited, and treat the dependency issue and local token persistence as reasons to require publisher fixes before production use.

SkillSpector (21)

By NVIDIA

Lp3

Medium

Category: MCP Least Privilege
Confidence: 94% confidence
Finding: The skill exposes significant capabilities—environment access, file read/write, network, and shell execution—without declaring permissions or clearly constraining their use. In a skill that handles sensitive bedroom surveillance data and user identifiers, this creates hidden trust boundaries and prevents users or platform policy from meaningfully evaluating what data may be accessed, transmitted, or persisted.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 98% confidence
Finding: The documented purpose is bedside monitoring, but the behavior expands into backend account creation/login, token storage, history retrieval, and remote generic analysis not disclosed by the manifest. This mismatch is dangerous because operators may provide highly sensitive elderly bedroom video and identifiers believing processing is local or purpose-limited, while the skill actually transmits data to a cloud backend and persists authentication artifacts.

Description-Behavior Mismatch

Medium

Confidence: 92% confidence
Finding: The skill broadens scope from analysis/alerting into cloud-backed historical report listing and report-link presentation, which introduces additional data access beyond the stated function. In this context, that means a user invoking video analysis may also gain access to prior reports and externally hosted report URLs containing sensitive health-adjacent monitoring records.

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: The skill instructs the agent to obtain an open-id or API credential from config files or user-supplied identifiers and then use it to call cloud APIs, which is a privileged authentication flow not justified by the bedside monitoring description. Pulling credentials from local config and reusing user identifiers as login material increases the risk of credential misuse, unauthorized account access, and silent expansion into other backend data tied to that identity.

Description-Behavior Mismatch

High

Confidence: 95% confidence
Finding: The `analysis` method unconditionally injects a `petType` parameter into requests for an elderly bed-exit monitoring skill, which is clearly inconsistent with the stated purpose and suggests code reuse from an unrelated domain. This can cause misrouting, incorrect backend model selection, policy bypass through unintended parameter influence, or leakage into the wrong tenant/workflow if the backend interprets `petType` semantically.

Intent-Code Divergence

High

Confidence: 98% confidence
Finding: The API documentation is materially inconsistent with the stated purpose of the skill: instead of bed-exit and wandering analysis, it describes a generic endpoint that performs face detection and health/constitution diagnosis from video. This mismatch is dangerous because it can enable covert collection or processing of highly sensitive biometric and inferred health data under the pretense of a lower-risk elder-safety monitoring function, especially in bedrooms and care facilities.

Context-Inappropriate Capability

High

Confidence: 99% confidence
Finding: Face detection and health/constitution diagnosis are not justified by the skill's stated function of detecting bed-exit duration and wandering behavior. In the context of infrared bedroom monitoring of elderly individuals, this expands processing into sensitive biometric and health inference territory, creating substantial privacy, compliance, and misuse risk without clear operational need.

Description-Behavior Mismatch

Medium

Confidence: 95% confidence
Finding: The historical report listing code pulls and displays generic `healthAiResponse` or `faceAnalysisResponse` fields even though this skill is described as elderly night bed-exit and wandering monitoring. In this context, that creates a real data-minimization and cross-context data exposure risk: users querying for bed-exit reports could receive unrelated health/face-analysis results, potentially leaking sensitive medical or biometric inferences beyond the intended purpose.

Intent-Code Divergence

Medium

Confidence: 88% confidence
Finding: The inline comments and extraction logic refer to constitution/health judgments while the advertised function is bed-exit and wandering detection. This mismatch is not just documentation drift; it is evidence that code paths from another medical-analysis domain may have been reused here, increasing the chance that sensitive health assessments are surfaced in the wrong workflow or to the wrong audience.

Description-Behavior Mismatch

Medium

Confidence: 87% confidence
Finding: The file implements a persistent user-account DAO with fields unrelated to the stated bed-exit/wandering analysis function, indicating data-scope expansion beyond the declared purpose. In a monitoring skill handling sensitive elderly-care environments, unnecessary account-data persistence increases privacy and compliance risk and broadens the attack surface if the local database is accessed.

Context-Inappropriate Capability

High

Confidence: 96% confidence
Finding: The User model stores token and open_token values in plaintext-like string fields without any visible protection, despite the skill description not justifying credential handling. Storing authentication material locally in a generic SQLite database can enable account takeover or lateral access if the host, database file, backups, or logs are exposed.

Description-Behavior Mismatch

High

Confidence: 97% confidence
Finding: This shared utility contains hidden account lifecycle logic, token acquisition, token persistence, and a payment/upsell flow that are not necessary for a bed-exit/wandering monitoring skill. Embedding these behaviors in a generic HTTP helper expands the skill's privileges and causes unrelated network-side effects such as silent registration, credential reuse, and monetization prompts whenever API calls occur.

Context-Inappropriate Capability

High

Confidence: 98% confidence
Finding: The code can silently call /sys/phoneLogin with register=1 and user identifiers derived from current usernames/open IDs, effectively creating or authenticating accounts without an explicit user action. For a camera-based elderly monitoring skill, this is unjustified functionality and creates privacy, compliance, and unauthorized account provisioning risk.

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The default trigger is overly broad and can activate on general night-monitoring video requests without sufficient narrowing, increasing the chance of unintended invocation. Because this skill can save files, access credentials, and send sensitive surveillance video to remote services, accidental triggering materially raises privacy and data-transfer risk.

Missing User Warnings

High

Confidence: 97% confidence
Finding: The skill lacks an upfront, prominent warning that highly sensitive bedroom surveillance video and personal identifiers may be transmitted to an external API/cloud service. Given the subject matter—elderly nighttime monitoring in private spaces—this omission undermines informed consent and can expose intimate behavioral data, room footage, and identity-linked records to third-party systems without adequate user awareness.

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The script requires `--open-id` and explicitly allows values such as OpenID, username, or phone number, which are sensitive identifiers in an elderly-care monitoring context. Collecting and propagating such identifiers without any privacy notice, minimization, masking, or documented handling increases the risk of unnecessary exposure in logs, terminals, shell history, and downstream systems handling health-adjacent surveillance data.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The documentation instructs users to upload videos or submit public video URLs with an API key but provides no warning about the sensitivity of bedroom surveillance footage, the risks of exposing videos via public URLs, or the need to protect credentials. This is especially concerning given the elderly-care setting, where footage may reveal intimate living conditions and health-related behavior, increasing the consequences of accidental disclosure or unauthorized access.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The code reads the entire local video file and uploads it to an external analysis API without any explicit consent notice, confirmation step, or visible transmission warning at the point of use. Because this skill processes bedroom/night-vision footage of elderly individuals, the privacy sensitivity is extremely high, and silent transmission of such recordings can violate least surprise, consent, and regulated data-handling expectations.

Missing User Warnings

Medium

Confidence: 85% confidence
Finding: The CLI requires an --open-id value and its help text explicitly allows highly sensitive identifiers such as phone numbers, usernames, and user IDs, but provides no warning, minimization guidance, or notice that this data may be transmitted to backend services. In the context of elderly-care video monitoring, this increases privacy risk because operators may input personally identifiable information for vulnerable individuals or caregivers without understanding exposure or retention implications.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: Requests automatically attach identifiers such as pnaUserName and authentication headers including X-Access-Token, X-Api-Key, and Authorization, with no disclosure or minimization in this code path. In debug mode, request metadata is also printed, increasing the chance of sensitive information leakage through logs or consoles.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: Retrieved token and openToken values are written into persistent user records without any visible notice, retention policy, or security controls shown here. Persisting reusable authentication material increases the blast radius of compromise and may violate expectations for a monitoring-only skill.

Static analysis

Install untrusted source

Warn

Finding: Install source points to URL shortener or raw IP.

Dep not found on registry

Critical

Finding: 1 package(s) referenced in dependency files do not exist on their public registries: yaml (pypi)

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal