ClawHub

Fall Detection & Analysis Skill | 跌倒检测分析技能

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real fall-detection tool, but it sends sensitive care images and identifiers to a cloud service and under-discloses account creation and local token storage.

Install only if you trust the publisher and its cloud service with elder-care images or videos, phone/username-style identifiers, and generated report history. Before use, confirm who operates the backend, what data is retained, how reports are authorized, and how to delete locally stored tokens and cloud records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (18)

Intent-Code Divergence

Medium
Confidence
89% confidence
Finding
The examples repeatedly show a placeholder open-id that the document itself says must not be assumed or generated. In practice, example commands often get copied directly, so this contradiction can cause misattribution of records, accidental access to another account context, or unsafe normalization of default identifiers.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
This service exposes generic record-management methods (`page`, `list`, `add`, `edit`, `delete`) in a skill whose stated purpose is fall-detection image/video analysis. Even if these are intended for associated camera or analysis records, they expand the skill from passive analysis into state-changing administration, increasing the attack surface and enabling unauthorized modification or removal of operational resources if invoked by an agent or caller.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The `edit` and especially `delete(cameraSn)` methods allow modification and deletion of external camera/resource configuration, which is not justified by the declared fall-detection analysis purpose. In a safety-monitoring context, unauthorized changes or deletion of camera configuration could disable monitoring coverage, disrupt incident detection, or facilitate concealment of harmful activity.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The documented endpoint behavior materially contradicts the skill’s stated purpose of fall detection by exposing a generic analysis API that returns face-detection and health/diagnosis-style outputs. This creates a scope-expansion and misleading-capability risk: consumers may unknowingly send sensitive elder-care imagery for unrelated biometric and quasi-medical inference, increasing privacy, compliance, and abuse exposure.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The response schema explicitly includes face detection and medical-style diagnosis data, which goes well beyond detecting whether a person has fallen. In the context of elderly-care monitoring, this is especially sensitive because it introduces biometric processing and health inference without clear necessity, consent boundaries, or safety claims validation.

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
The skill exposes a history-listing capability via `show_analyze_list(open_id)` that is not obviously required for fall detection and operates on a user-supplied identifier. In a safety-monitoring context handling sensitive elder-care or nursing-home footage, unnecessary history access increases the risk of privacy leakage and unauthorized enumeration of prior analyses if the downstream service does not strictly authorize requests.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
This file exposes a broad, generic API wrapper surface including arbitrary GET/POST/PUT/DELETE methods and CRUD helpers that are not constrained to fall-detection image/video analysis. In an agent skill context, such overbroad network capabilities increase the risk of misuse, data exfiltration, or unauthorized interaction with unrelated backend services if higher-level code can pass attacker-controlled URLs or payloads.

Description-Behavior Mismatch

Medium
Confidence
84% confidence
Finding
This file provides a generic local persistence layer plus user/account CRUD capabilities that are not justified by a fall-detection image/video analysis skill. In skill ecosystems, excess data-handling capability increases attack surface and enables silent collection, storage, or mutation of user records beyond the stated purpose, which is especially sensitive in elder-care contexts.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The User model stores profile attributes and especially token/open_token fields, which are sensitive credentials unrelated to fall detection. Local credential storage in a broadly reusable DAO raises the risk of unauthorized retention, leakage, or abuse of authentication material if the database file is accessed by other components or users on the host.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
This utility embeds a broad external HTTP client with automatic login/registration, token loading, persistence, and request decoration that goes well beyond fall-detection image/video analysis. That creates an unexpected capability for account creation, credential handling, and arbitrary backend interaction, increasing data exfiltration and unauthorized account activity risk if the skill is triggered with user-derived inputs.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases for historical report queries are broad enough that ordinary conversation may invoke remote report-listing automatically. That can lead to unintended access to prior analysis records, unnecessary transmission of identifiers, and disclosure of sensitive report metadata without clear user confirmation.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill says uploaded images or videos are automatically saved as local files, but it does not present a user-facing warning or retention policy. Because the inputs are likely to contain sensitive home-care footage, silent local persistence increases privacy risk and expands the attack surface for later unauthorized access.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill requires a username or phone number as open-id for cloud processing and report lookup, but it does not clearly warn that this personal data will be transmitted to a remote API and used to link historical records. That creates a privacy and compliance risk, especially in elder-care contexts involving potentially sensitive health-adjacent monitoring data.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation instructs users to upload videos or provide public video URLs but provides no warnings or controls regarding personal data, retention, sharing, or third-party access. Because the skill targets home care and nursing home monitoring, the media is likely to contain highly sensitive footage of vulnerable individuals, making the omission materially risky.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill reads arbitrary local file contents into memory and transmits them to an external analysis service without any in-file user consent flow, warning, or path restriction. In a skill intended for fall detection on images/videos, this creates a real data-exfiltration risk if a user or upstream agent supplies an unintended local path, potentially sending sensitive files off-host.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script requires `--open-id` and stores it in a global current-user field without any privacy notice, minimization, or validation. Because the identifier may be a username or phone number and the skill processes potentially sensitive fall-detection media, this creates privacy and account-linkage risk and can facilitate misuse if arbitrary identifiers are accepted for backend queries.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The code automatically creates or retrieves a user account using phone/openId-style identifiers and then persists returned token-bearing user data locally, without any visible notice, consent, or confirmation in this flow. In a home-care monitoring context, this is especially sensitive because users may be elderly or monitored subjects, making undisclosed account provisioning and token storage a privacy and trust violation with potential downstream account misuse.

Ssd 3

Medium
Confidence
96% confidence
Finding
The instructions establish a natural-language flow to collect a username or phone number and use it to save and query historical fall-detection reports. In this context, that enables persistent linkage between sensitive monitoring outputs and a real-world identity, increasing the risk of privacy harm, profiling, and unauthorized disclosure if the identifier or backend account is misused.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal