warn
suspicious.install_untrusted_source
- Location
- skills/smyx_common/scripts/config-dev.yaml:2
- Finding
- Install source points to URL shortener or raw IP.
婴儿趴睡窒息预警技能
AdvisoryAudited by Static analysis on May 10, 2026.
Overview
Detected: suspicious.install_untrusted_source
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
ConcernHigh Confidence
ASI09: Human-Agent Trust ExploitationWhat this means
A parent could over-rely on this tool for infant safety even though it may only analyze submitted video and may not provide continuous real-time protection.
Why it was flagged
These high-stakes safety claims could cause users to rely on the skill as a continuous infant monitor; the artifacts show a scripted cloud analysis workflow, not a verified 24/7 alarm system.
Skill content
conducts 24/7 real-time monitoring... immediately triggers a real-time alarm... effectively prevent Sudden Infant Death Syndrome (SIDS)... zero-dead-angle sleep safety barrier
Recommendation
Use it only as an assistive analysis tool, keep adult supervision, and require the publisher to narrow the claims unless real monitoring, alert delivery, and reliability evidence are provided.
ConcernHigh Confidence
ASI03: Identity and Privilege AbuseWhat this means
A real secret, phone number, or account identifier could be used for cloud report storage/querying in a way the user did not expect.
Why it was flagged
The skill tells the agent to read a field named api-key as an identity value or collect a phone number/username, while registry metadata declares no primary credential or config path.
Skill content
如果文件存在且配置了 api-key 字段,则读取 api-key 作为 open-id... 提示用户提供用户名或手机号作为 open-id
Recommendation
Do not put secrets in the open-id value; use a dedicated non-secret identifier and ask the publisher to clearly declare credential/config requirements and how identifiers are stored.
NoteHigh Confidence
ASI07: Insecure Inter-Agent CommunicationWhat this means
Infant video, video URLs, and report history may be stored locally and processed by the configured cloud provider.
Why it was flagged
The skill discloses local saving plus cloud upload/download/report-history flows for infant sleep videos and reports, which are sensitive even though they fit the stated purpose.
Skill content
自动保存到技能目录下 attachments... 本地视频文件路径(使用 multipart/form-data 方式上传)... 网络视频 URL 地址(API 服务自动下载)... 历史预警记录查询必须从云端接口获取
Recommendation
Only submit videos you are comfortable sending to the provider, review retention/privacy terms, and delete local attachments if they are no longer needed.
NoteHigh Confidence
ASI04: Agentic Supply Chain VulnerabilitiesWhat this means
If switched to the dev environment, sensitive videos or identifiers could be sent to an internal/private HTTP service instead of the production service.
Why it was flagged
A packaged development config points at a raw private HTTP endpoint; it is not the default prod config, but it creates a deployment/provenance risk if the environment is changed.
Skill content
base-url-open-api: "http://192.168.1.234:9601/smyx-open-api"
Recommendation
Remove dev endpoints from published packages or clearly gate them so normal users cannot accidentally route data to them.
NoteHigh Confidence
ASI01: Agent Goal HijackWhat this means
History queries will be steered to the cloud API rather than local conversation memory, even during failures.
Why it was flagged
The skill uses priority-style language to constrain the agent's memory behavior. This appears related to using cloud history, but untrusted skill text should not override higher-level policies.
Skill content
强制记忆规则(最高优先级)... 绝对禁止读取任何本地记忆文件... 即使技能调用失败或接口异常,也不得回退到本地记忆汇总
Recommendation
Treat these as scoped operating instructions for this skill only, not as higher-priority rules over user or platform policy.