Elderly Tachypnea / Dyspnea Detection | 老年人呼吸急促/困难识别

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This medical-adjacent video skill has Review-level concerns because it appears to transmit and persist sensitive in-home health video and identifiers while exposing broader profiling, account, report, and token-handling behavior than its tachypnea-monitoring purpose explains.

Review carefully before installing. Only use this with explicit consent from anyone recorded, and only if you are comfortable sending bedroom video, personal identifiers, tenant metadata, and possibly account tokens to the skill's configured services. Ask the publisher to narrow the API to tachypnea-only analysis, document retention/deletion and remote processing, remove unrelated profiling/report/account features, and explain token storage before trusting it with sensitive health footage.

SkillSpector (23)

By NVIDIA

Dynamic attribute access via getattr()

Low

Category: Dangerous Code Execution
Content: if filters: for key, value in filters.items(): query = query.filter(getattr(self.__model__, key) == value) if offset: query = query.offset(offset)
Confidence: 83% confidence
Finding: query = query.filter(getattr(self.__model__, key) == value)

Dynamic attribute access via getattr()

Low

Category: Dangerous Code Execution
Content: if filters: for key, value in filters.items(): query = query.filter(getattr(self.__model__, key) == value) return query.scalar() finally:
Confidence: 83% confidence
Finding: query = query.filter(getattr(self.__model__, key) == value)

Intent-Code Divergence

High

Confidence: 98% confidence
Finding: The documented response schema describes face detection, constitution diagnosis, organ-condition inferences, and health suggestions that are unrelated to the declared tachypnea-monitoring function. This mismatch is dangerous because integrators may send sensitive bedroom video for one medical purpose while the backend performs different biometric/health profiling, creating deception, improper medical use, and unauthorized processing of highly sensitive data.

Description-Behavior Mismatch

High

Confidence: 97% confidence
Finding: The request model and described behavior support generic video upload or public URL analysis, but they do not specify respiratory-rate extraction, tachypnea thresholds, persistence logic, or alert semantics promised by the skill metadata. In a healthcare context, this functional inconsistency can mislead users and developers into relying on a system for medical monitoring when the documented service may be doing something else entirely.

Description-Behavior Mismatch

Medium

Confidence: 95% confidence
Finding: The skill implements generic report listing and report export functions that go beyond the narrowly described tachypnea-detection use case. In a health-monitoring context, this expands access to potentially sensitive historical analysis data and report URLs, increasing the risk of unauthorized data exposure or function abuse if permissions are weak elsewhere in the stack.

Context-Inappropriate Capability

Medium

Confidence: 91% confidence
Finding: The code accepts arbitrary http/https video URLs and forwards them for analysis, despite the manifest describing a fixed bedroom camera workflow. This broadens the trust boundary, enabling analysis of attacker-controlled remote content and potentially enabling misuse, privacy violations, or backend abuse if downstream services fetch or process untrusted URLs.

Context-Inappropriate Capability

Medium

Confidence: 91% confidence
Finding: The code accepts arbitrary network video URLs for analysis even though the stated use case is a fixed bedroom camera for elderly monitoring. This broadens data intake to remote resources, increasing risks such as unauthorized external data processing, server-side fetching of attacker-controlled URLs, and use beyond the user's expected medical-monitoring context.

Description-Behavior Mismatch

Medium

Confidence: 87% confidence
Finding: The configuration includes multiple external service endpoints and tenant-specific identifiers that are broader than what is justified by a bedside respiratory-rate monitoring skill. In a health-monitoring context, unnecessary outbound integrations expand the attack surface and create risk of sensitive elderly-care telemetry, identifiers, or alerts being routed to unrelated systems without clear need or data-minimization controls.

Context-Inappropriate Capability

Medium

Confidence: 82% confidence
Finding: The Feishu application integration appears unrelated to the stated camera-based respiratory analysis function, yet it introduces another external messaging platform into a medical-adjacent monitoring workflow. If enabled or later populated with secrets, it could be used to exfiltrate alerts, patient-related metadata, or operational data to a third-party platform without adequate justification or consent.

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: The file implements generic user/account persistence inside a skill declared for respiratory monitoring, which materially exceeds the stated purpose. In a health-monitoring context, unrelated account management increases attack surface and creates opportunities for covert collection or handling of user identity data without clear justification.

Context-Inappropriate Capability

High

Confidence: 98% confidence
Finding: The model includes storage for token and open_token fields, which are credentials/secrets unrelated to tachypnea detection. In a camera-based elderly-care skill, collecting or retaining authentication tokens significantly elevates privacy and account-compromise risk if the local database is accessed, copied, or logged.

Description-Behavior Mismatch

Medium

Confidence: 93% confidence
Finding: This file performs local database initialization, schema mutation, and broad CRUD operations rather than respiratory-motion analysis or alerting described by the skill manifest. That mismatch is suspicious because it introduces persistent state and user-data handling capabilities not obviously needed for the advertised healthcare function.

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: The generic HTTP helper does far more than a respiratory-monitoring utility should: it auto-provisions accounts via /sys/phoneLogin, loads and persists tokens, and injects credential headers into outbound requests. In a health-monitoring skill handling elderly data, this broad authenticated network capability expands the attack surface and can enable undisclosed account creation, cross-service access, and transmission of sensitive identifiers beyond the stated purpose.

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The trigger conditions are broad enough to activate on common health-related phrases, causing the skill to process or solicit sensitive respiratory-monitoring workflows when the user may not have intended that action. In this context, unintended activation is more serious because the skill handles medical-like inferences, bedroom surveillance video, and account-linked history queries.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill states that uploaded attachments or videos are automatically saved locally, but this behavior is not clearly surfaced as a prominent warning despite involving highly sensitive bedroom footage of elderly individuals. Silent or poorly disclosed local storage increases the risk of privacy violations, unauthorized retention, secondary access, and noncompliance with data-minimization requirements.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The API asks users to upload video files or provide publicly accessible video URLs from a bedroom monitoring scenario without any warning about transmitting sensitive biometric and health-related data to a remote server. This is especially risky because the skill targets elderly subjects in private spaces, so missing privacy disclosures and handling guidance can lead to inadvertent exposure, noncompliant data sharing, and unsafe deployment decisions.

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The skill reads the full local video file into memory and sends it to an analysis API, but this file provides no user-facing disclosure, consent flow, or data-handling notice. Because the content is bedroom video of elderly individuals, undisclosed transmission materially raises privacy and compliance risk, especially for highly sensitive health-related observations in private spaces.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The script sends local video paths or remote video URLs to an analysis backend without presenting a clear user-facing warning about data transmission. In the elderly-care context, video may contain highly sensitive health and in-home footage, so silent external processing materially raises privacy and compliance risk.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The CLI requires `--open-id` and explicitly allows highly sensitive identifiers such as OpenID, user ID, username, or phone number, yet provides no privacy notice or minimization controls. In a medical-monitoring setting, tying respiratory analysis and history to direct personal identifiers increases the risk of exposing protected health-related information and enables easier correlation of records to real individuals.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The code silently creates a local database under a workspace-derived path and attempts schema alteration on startup without any user-facing disclosure or consent flow. In a health-monitoring skill handling potentially sensitive elderly-care data, undisclosed persistence and schema changes create privacy, transparency, and compliance concerns.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: When debug mode is enabled, urllib3/http.client logging can expose full request and response contents, including tokens, user identifiers, tenant metadata, and potentially health-related payloads. In this elderly health-monitoring context, such disclosure can leak sensitive medical and account data into logs or consoles without a clear privacy notice.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The helper sends user identity fields such as openId/mobile/username to an external health endpoint for silent registration/login, and this occurs inside a generic utility rather than an explicit user-facing auth flow. For a camera-based elderly monitoring skill, undisclosed transmission of personal identifiers is especially sensitive because it can tie health observations to real identities.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The request wrapper automatically appends tenantCode, skillHubName, skillPlatform, and pnaUserName to outgoing request bodies and sets multiple credential headers. This hidden metadata propagation can expose organizational and personal context across requests, creating privacy and authorization risks that are disproportionate to the stated respiratory-alert function.

Static analysis

Install untrusted source

Warn

Finding: Install source points to URL shortener or raw IP.

Dep not found on registry

Critical

Finding: 1 package(s) referenced in dependency files do not exist on their public registries: yaml (pypi)

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal