smyx_infant_cry_cause_classification_analysis | Infant and Toddler Cry Cause Classification

Security checks across malware telemetry and agentic risk

Overview

This skill has a plausible baby-cry analysis purpose, but it sends sensitive child-related media and identifiers to cloud services while bundling broader, under-disclosed account, token, video, and generic health-analysis behavior.

Install only after reviewing the publisher and privacy terms. Treat this as a cloud service that may upload infant audio/video, submitted URLs, identifiers, and report history; avoid using a phone number as open-id if a pseudonymous identifier is possible. Check whether local SQLite token storage is acceptable, and resolve the invalid yaml dependency before installation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (23)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill declares no permissions while its documented behavior requires environment access, file read/write, network calls, and shell execution. This under-disclosure is dangerous because it prevents informed review and consent, especially for a skill handling infant audio and cloud-linked history retrieval, and can hide broader data access than users expect.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The documented behavior goes materially beyond infant-cry analysis by including backend login/account handling, token storage, historical report listing, export-link generation, and generic media handling. This mismatch is dangerous because reviewers and users may authorize a seemingly narrow childcare skill while it actually processes identity/authentication data and broader cloud content, increasing privacy and abuse risk.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The skill instructs the operator to read a local config file and use its api-key as a user's open-id, conflating service credentials with user identity. This is dangerous because it can expose shared secrets, cause requests to run under the wrong identity, break auditability, and potentially let one user's actions access or overwrite another user's cloud data.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
Although presented as an analysis skill for uploaded infant cry audio, the skill also supports querying and presenting cloud-hosted historical reports and report links. In the context of infant monitoring, this expands the data exposure surface to stored historical records about a minor, which may be accessed or disclosed without sufficiently clear user awareness or authorization boundaries.

Description-Behavior Mismatch

High
Confidence
94% confidence
Finding
The skill manifest describes infant cry analysis, but the API call injects a `petType` parameter, indicating code reuse or hidden behavior unrelated to the declared purpose. In a baby-monitoring context, this mismatch is dangerous because it can route data to the wrong model or backend behavior, producing misleading classifications and undermining trust, safety, and privacy expectations for infant audio processing.

Description-Behavior Mismatch

Medium
Confidence
86% confidence
Finding
The file exposes paging, listing, add, edit, and delete operations even though the manifest only describes real-time cry analysis and parent notification. These extra record-management capabilities expand the attack surface and could enable unauthorized enumeration, modification, or deletion of monitoring records if access controls are weak elsewhere in the stack.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The documented API is fundamentally inconsistent with the stated skill purpose: instead of infant cry audio classification, it describes uploading video, face detection, and even health/constitution diagnosis. This mismatch is dangerous because it can conceal undisclosed collection and analysis of highly sensitive visual and health-related data, especially involving infants, and may cause integrators or users to transmit data far beyond what the skill claims to need.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The implementation materially contradicts the advertised purpose of the skill: it is described as infant cry audio analysis, but the code performs generic/video analysis and history listing. This kind of capability mismatch is dangerous because users may submit sensitive nursery or baby-monitor data under false expectations, enabling covert collection or misuse of video data that is more privacy-invasive than the declared function.

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The inline docs and CLI help explicitly refer to video analysis, which conflicts with the declared infant-cry audio use case. In a baby-monitoring context, this mismatch increases the risk of deceptive data collection and unsafe operator assumptions about what media is being uploaded and processed.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
This file defines persistent user storage including usernames, email addresses, birthdays, tokens, and open_token values, which is unrelated to the advertised infant cry classification function. That mismatch expands the skill's data collection and retention surface, creating unnecessary privacy and credential-exposure risk if the database is accessed, reused by other components, or later exfiltrated.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The utility layer contains unrelated identity functionality: it can auto-create/login a user via /sys/phoneLogin, derive identity from API_SECRET_KEY or current user fields, and populate/persist tokens for later use. For an infant cry classification skill, this is unjustified privilege expansion and creates a hidden account-linking/data-handling path that could expose or misuse user identity and access tokens.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The code includes a payment/recharge branch that triggers on HTTP 402 and instructs the user to install a payment skill and recharge an account. This capability is unrelated to infant cry analysis and indicates hidden monetization behavior embedded in a generic request path, increasing the risk of deceptive prompts and unnecessary exposure to billing workflows.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The code stores token and profile data returned from remote login/account creation into a DAO/database, including token and openToken fields. Persisting authentication material and user profile data without clear necessity or disclosure creates a durable compromise surface: database leakage or misuse could grant unauthorized access to upstream services.

Vague Triggers

Medium
Confidence
79% confidence
Finding
The default trigger condition is broad enough to auto-activate on loosely related keywords or any uploaded audio/video, which can cause unintended execution. For a skill that saves files locally and may call cloud APIs on sensitive infant audio, ambiguous triggering increases the risk of collecting, transmitting, or processing private data without clear user intent.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The description promotes real-time monitoring and app push notifications but lacks a prominent upfront warning that infant audio may be continuously monitored and transmitted to cloud services, with history retained for later querying. This is especially sensitive because the data concerns a child in private spaces such as nurseries and neonatal rooms, making inadequate notice and consent materially risky.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The CLI requires `--open-id` and explicitly allows sensitive identifiers such as phone numbers, usernames, or user IDs, but provides no privacy notice, minimization guidance, or safer handling. In this skill's context, the identifier is linked to infant monitoring activity, which raises sensitivity and can lead to unnecessary collection, logging, shell history exposure, and downstream privacy leakage.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The API allows direct video upload and public video URL submission but provides no warning or guidance about privacy, retention, third-party access, or handling of sensitive recordings. In the context of baby monitors and neonatal/daycare environments, this is especially risky because recordings may capture infants, caregivers, homes, and medical contexts, creating significant privacy and compliance exposure if users are encouraged to share publicly accessible media.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The code reads the entire local file and sends it to a backend analysis API without any user-facing disclosure, consent gate, or minimization visible in this skill. For a baby-monitor context, uploaded media may contain highly sensitive infant, household, and bystander data, making silent transmission a meaningful privacy and compliance risk.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The skill forwards user-supplied remote URLs to the analysis API without warning the user that external content references will be shared with another service. In this context, URLs may embed tokens, internal endpoints, or personal cloud-storage links, exposing sensitive references and potentially expanding access beyond user expectations.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script forwards a user-supplied local path or remote URL to backend analysis via skill.get_output_analysis without any visible disclosure that data may leave the device. Because the skill is positioned for infant monitoring, the transmitted media may contain highly sensitive household or child data, making undisclosed external processing a meaningful privacy and compliance risk.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The CLI requires an open-id that may be a user ID, username, or phone number, but the script gives no user-facing explanation of why it is collected, how it is stored, or whether it is transmitted. In a child-monitoring setting, silent collection of personal identifiers increases privacy, tracking, and regulatory exposure, especially when linked to analysis history.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The DAO automatically creates a local SQLite database and persists data without any indication in the code of consent, disclosure, or retention controls. In the context of an infant-monitoring skill that may process highly sensitive household and child-related information, silent persistence increases privacy risk and can surprise users or operators.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The helper sends user identifiers and authentication-related headers/data to external services, including mobile/openId-style identifiers and tokens, without any visible user-facing notice or consent mechanism in this code path. In the context of a baby-monitoring skill that may process sensitive household data, undisclosed outbound transmission materially increases privacy and compliance risk.

VirusTotal

VirusTotal findings are pending for this skill version.
