Elderly Sleep Nightmare / Startle Detection | 老年人睡眠中间惊醒/梦魇行为识别

Security checks across malware telemetry and agentic risk

Overview

This skill’s core purpose is legitimate, but it handles very sensitive bedroom health video through cloud services with under-scoped identity, history, and token behavior.

Review before installing. Use only if the elderly person has given informed consent and you trust the provider with bedroom audio/video, health-adjacent inferences, identity fields, and historical reports. Prefer a dedicated non-secret pseudonymous open-id, do not reuse API keys as identifiers, avoid guessable phone/username identifiers for report lookup, and confirm the provider’s video retention, deletion, and token-storage practices.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (23)

Context-Inappropriate Capability

Medium (96% confidence)
Finding:
The skill extends beyond analyzing a provided sleep video by mandating cloud history-report retrieval and collection of a persistent user identifier. That is a scope expansion involving secondary use of sensitive health-related monitoring data, which can expose private longitudinal records without clear necessity or user opt-in.

Context-Inappropriate Capability

High (99% confidence)
Finding:
The open-id flow instructs the agent to read local configuration files and repurpose an api-key as a user identifier, which is a clear credential/secret misuse pattern. Using secrets from config as identifiers can leak credentials, cross tenant boundaries, and authorize access to reports unrelated to the current user.

Description-Behavior Mismatch

Medium (88% confidence)
Finding:
The documentation broadens the skill from detecting a few listed behaviors into richer surveillance features like broader event classes, scoring, behavior pattern classification, risk signaling, and clinical-style recommendation output. In a bedroom monitoring context, this increases privacy sensitivity and the chance users are subjected to analysis they did not reasonably expect from the manifest description.

Description-Behavior Mismatch

High (97% confidence)
Finding:
The documented API behavior materially diverges from the skill's stated purpose: instead of reporting nighttime startle/scream/arm-thrashing events, it describes a generic remote video-analysis service that performs face detection and broad health diagnosis. In a bedroom elderly-monitoring context, this mismatch is dangerous because it can conceal undisclosed collection and inference on highly sensitive biometric and health data, and may cause operators to deploy functionality they did not consent to or expect.

Context-Inappropriate Capability

High (98% confidence)
Finding:
Face detection and broad health/constitution diagnosis are not necessary for detecting sudden sitting-up, screams, or arm-thrashing during sleep, so their presence indicates unjustified over-collection and over-inference. In an elderly bedroom-surveillance setting, such extra processing increases privacy risk, creates potential biometric profiling, and could expose users to unvalidated medical conclusions beyond the advertised function.

Description-Behavior Mismatch

Medium (91% confidence)
Finding:
The code accepts arbitrary HTTP/HTTPS video URLs and forwards them for analysis, which expands the skill from a fixed local bedroom-camera workflow into a generic remote content fetch path. In a health-monitoring context, this can enable analysis of third-party surveillance footage or internal URLs, creating privacy, abuse, and possible server-side request risks depending on how the downstream API handles the URL.

Description-Behavior Mismatch

Medium (88% confidence)
Finding:
The script includes a history-listing function that retrieves prior analysis records based solely on a user-supplied identifier, which expands behavior beyond the stated single-video analysis purpose. In a health-monitoring context, those records may contain sensitive sleep and medical-inference data, so weak binding between caller identity and requested history creates an insecure direct object reference/privacy exposure risk.

Context-Inappropriate Capability

Medium (90% confidence)
Finding:
Accepting `OpenID/UserId/用户名/手机号` as interchangeable lookup keys for history access materially increases the chance of enumeration, misbinding, and unauthorized retrieval of another person's records. Because this skill processes elderly sleep-monitoring data that may reveal medical conditions, exposing access by guessable identifiers like username or phone number is especially sensitive.

Description-Behavior Mismatch

Medium (95% confidence)
Finding:
This file exposes a generic API wrapper with add/edit/delete and arbitrary HTTP verb methods that can send requests to caller-supplied URLs, which materially exceeds the narrowly described purpose of elderly sleep-event analysis. In a health-monitoring skill handling sensitive video/audio-derived data, this broad network capability increases the risk of data exfiltration, unauthorized backend access, or repurposing the skill as a general network client if any higher-level component passes untrusted or unexpected endpoints.

Context-Inappropriate Capability

Medium (97% confidence)
Finding:
The methods http_post, http_put, http_get, and http_delete directly forward caller-controlled URLs and arguments to the request utility, giving the skill unjustified arbitrary outbound request capability. In the context of an elderly health-monitoring application that may process highly sensitive sleep and bedroom data, such unrestricted networking is especially dangerous because it can enable SSRF, data exfiltration to attacker-controlled endpoints, or abuse of internal services if exposed through other code paths.

Description-Behavior Mismatch

High (95% confidence)
Finding:
The skill is described as elderly sleep-event detection, but this file implements generic user-account persistence and credential-adjacent storage. That functional mismatch is dangerous because it expands the skill's data-handling scope beyond what users and reviewers would expect, increasing the risk of covert collection, identity linkage, or unauthorized account management in a health-monitoring context involving sensitive elderly data.

Context-Inappropriate Capability

High (97% confidence)
Finding:
Storing token and open_token fields in a local SQLite user table is unnecessary for the stated sleep-analysis purpose and creates a high-value secret store inside a health-monitoring skill. If the database is accessed by an attacker, tokens could enable account takeover, API abuse, or correlation of sensitive medical-adjacent observations with user identities.

Description-Behavior Mismatch

High (97% confidence)
Finding:
This utility file implements broad authenticated network access, token handling, and implicit account provisioning that materially exceed the skill's declared purpose of local sleep-event analysis. In a bedroom monitoring context, this creates a dangerous hidden data-flow path whereby sensitive identifiers, auth tokens, and potentially derived health-monitoring data can be sent to external services without clear necessity or user consent.

Context-Inappropriate Capability

High (98% confidence)
Finding:
The helper automatically logs in or registers a user against an external health platform using username/mobile/openId data, even though the skill description is about detecting abnormal sleep behavior from a fixed camera. Auto-enrollment of users into remote services without transparent consent is especially risky here because the skill processes elderly health-related observations, making any identity linkage more sensitive.

Context-Inappropriate Capability

Medium (94% confidence)
Finding:
The code retrieves, stores, refreshes, and persists authentication tokens and user records through a DAO layer, which is unrelated to simple local event detection and enlarges the attack surface. Persistent token management in shared utility code increases the risk of unauthorized reuse, cross-skill access, and unintended retention of sensitive account linkages.

Vague Triggers

Medium (90% confidence)
Finding:
The default trigger auto-invokes on any uploaded bedroom sleep video needing analysis, without requiring a narrow user intent signal. Because the content is intimate bedroom audio/video, overbroad triggering can cause unintended transmission and analysis of highly sensitive data.

Vague Triggers

Medium (89% confidence)
Finding:
The history-report query uses broad keyword matching that may invoke retrieval of prior reports whenever the user asks generally about sleep anomalies or reports. This creates a risk of pulling sensitive historical health-monitoring records without sufficiently specific authorization or context.

Missing User Warnings

High (97% confidence)
Finding:
The skill does not clearly warn that bedroom audio/video and identifiers are sent to cloud APIs for analysis and report retrieval, despite processing highly sensitive health and in-bedroom surveillance data. Lack of transparent disclosure undermines meaningful consent and increases the risk of covert exfiltration of intimate personal information.

Missing User Warnings

Medium (91% confidence)
Finding:
The documentation instructs users to send bedroom video and an API key to a remote endpoint but provides no warning about privacy, retention, storage location, third-party access, or handling of sensitive biometric/health-related data. Because the skill targets elderly nighttime monitoring in private sleeping spaces, the absence of clear data-handling disclosures materially raises the risk of unauthorized surveillance, misuse of intimate recordings, and insecure operational deployment.

Missing User Warnings

Medium (95% confidence)
Finding:
The skill reads arbitrary local video files into memory and transmits them to the analysis service without any visible consent prompt, warning, or minimization controls in this code path. Because the skill processes highly sensitive bedroom sleep footage of elderly people, silent upload of local recordings materially increases privacy and compliance risk if users or integrators are unaware of the transfer.

Missing User Warnings

Medium (80% confidence)
Finding:
The CLI collects sensitive identifiers and submits video or URL content to an external analysis service without any explicit notice about transmission, storage, or handling of highly sensitive bedroom and health-related data. In this context, silent transfer of infrared sleep video and linked identity information creates meaningful privacy, compliance, and user-consent risk even if transport security is handled elsewhere.

Missing User Warnings

Medium (91% confidence)
Finding:
The HTTP helper attaches identifiers and authentication material such as App-Id, X-Access-Token, X-Api-Key, Authorization, tenantCode, skill metadata, and pnaUserName to outbound requests with no user-facing disclosure evident in this file. For a skill monitoring elderly nighttime behavior in private bedrooms, undisclosed transmission is more serious because the surrounding data is highly sensitive and health-adjacent.

Missing User Warnings

Medium (96% confidence)
Finding:
The user lookup/auto-registration path sends username/mobile/openId data to an external endpoint without any visible notice, validation of necessity, or consent workflow. In the context of an elderly sleep-monitoring skill, this creates an unjustified identity export channel that can connect private bedroom monitoring to a real-world person.

VirusTotal

65/65 vendors flagged this skill as clean.
