Office Prolonged Sitting & Posture Warning | 成人久坐/姿态预警(办公室)

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This workplace camera skill sends sensitive employee video and identifiers to a remote service and includes account, token, history, and broader health-analysis behavior that is not tightly scoped enough for routine posture reminders.

Review carefully before installing. This skill should only be used with explicit employee consent, a clear legal basis, and documented controls for remote video upload, account creation, token storage, report access, retention, and deletion. Ask the publisher to replace the yaml dependency, stop using API keys as user IDs, remove silent registration/token persistence or disclose and secure it, and narrow the backend/API docs to posture-only analysis before production use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (27)

Description-Behavior Mismatch

Medium
Confidence
84% confidence
Finding
The skill expands from basic posture warnings into additional biometric/behavioral measurements and historical report features that are not clearly described in the manifest. Scope expansion is risky because it increases collection of worker surveillance data and may cause users to share more sensitive information than they intended.

Description-Behavior Mismatch

Medium
Confidence
77% confidence
Finding
The skill claims real-time local monitoring, but the operational flow is actually upload/URL-based API processing. This discrepancy is dangerous because users may assume data stays local or is processed continuously on-device, while in reality video may be transmitted to a remote service with different privacy, retention, and breach implications.

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
Requiring a persistent open-id tied to a username or phone number for routine posture analysis introduces unnecessary identity collection and account linkage. In a workplace video-monitoring context, this is especially sensitive because it enables long-term tracking of employee behavior and access to historical reports that may reveal health-related patterns.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The instructions tell the agent to read a local configuration file, extract an api-key, and reuse it as a user open-id. This mixes credentials with identity in a way that can expose secrets, misuse service credentials as account identifiers, and grant access to cloud data or actions under the wrong security context.

Description-Behavior Mismatch

High
Confidence
85% confidence
Finding
This office-worker posture monitoring skill sends a petType parameter that is unrelated to its declared functionality, indicating hidden or mismatched behavior between the manifest and runtime API request. In a camera-based monitoring skill, undocumented parameters can enable unauthorized routing, model selection, or backend behavior changes, undermining transparency, privacy expectations, and security review assumptions.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The API documentation describes a remote video-analysis service that performs face detection, constitution typing, organ-condition inference, and health advice generation, which is materially different from the advertised posture and prolonged-sitting reminder function. This mismatch is dangerous because it suggests the skill may collect and process much more sensitive biometric and health-related data than users would reasonably expect, creating a risk of deceptive data practices and unauthorized secondary use of video footage.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
Inferring constitution type, organ condition, complexion-based health status, and personalized health warnings from video exceeds what is necessary for office posture monitoring and enters highly sensitive biometric/medical territory. In this context, such claims indicate over-collection and potentially pseudo-medical profiling of workers, which could expose users to privacy harm, discrimination, and misuse of health inferences by employers or third parties.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The code exposes historical analysis report listings and constructs export-image URLs, which expands the skill from real-time posture alerts into report retrieval and disclosure functionality. In a workplace-monitoring context, historical posture/health-related reports are sensitive employee data, and exposing listing/export paths without clear access-control checks in this file increases the risk of privacy leakage and unauthorized access.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The skill accepts arbitrary remote video URLs and forwards them to the analysis backend, which materially broadens the data intake beyond the described fixed-camera workstation scenario. This can enable analysis of unintended third-party video sources and may also create backend exposure to untrusted remote resources, increasing privacy and SSRF-like risk depending on server-side fetching behavior.

Intent-Code Divergence

Medium
Confidence
82% confidence
Finding
The comments and logic reference health-assessment subject extraction and fallback to face-analysis results, which is inconsistent with a posture-monitoring skill and suggests code reuse from broader biometric/health analysis features. In this context, that mismatch is dangerous because it indicates possible silent handling of more sensitive categories of personal data than users would reasonably expect from a posture reminder tool.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
This file exposes generic add/edit/delete and raw HTTP verb wrappers that can send requests to caller-supplied URLs, which is materially broader than a posture-monitoring skill's declared purpose. In a camera-based workplace monitoring context, this unnecessary network capability increases the attack surface and could be reused by other components to interact with arbitrary backend endpoints or external services.

Context-Inappropriate Capability

High
Confidence
94% confidence
Finding
The methods add, edit, delete, http_post, http_put, and http_delete accept arbitrary URLs and perform state-changing remote requests without visible restrictions. If an attacker can influence the URL or parameters through higher-level code, this becomes a powerful primitive for unauthorized remote modification, SSRF-like behavior, or abuse of internal APIs, which is especially concerning in an enterprise camera/health SaaS deployment handling employee data.

Context-Inappropriate Capability

High
Confidence
95% confidence
Finding
This file implements generic user-account persistence with storage of token and open_token values, which is unrelated to a posture-monitoring skill and materially expands the data collection surface. In the context of a workplace camera/health-monitoring skill, hidden credential or token storage increases privacy and insider-abuse risk, and could expose authentication artifacts if the local SQLite database is accessed by another process or user.

Intent-Code Divergence

Medium
Confidence
84% confidence
Finding
The module description presents the code as a lightweight localized database wrapper, but the implementation also manages a user schema containing username, email, birthday, and authentication tokens. That mismatch undermines transparency and can conceal materially sensitive data handling, which is especially concerning in an employee-monitoring skill where users may not expect identity and token persistence.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
This utility implements broad authenticated HTTP access, token handling, and account bootstrap logic that materially exceeds the stated purpose of a local posture-monitoring and alerting skill. In this skill context, hidden network capability plus credentialed backend access expands the attack surface, enables unauthorized data exfiltration or remote actions, and violates least-privilege expectations for a camera-based ergonomic assistant.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The code can silently create or log in a user by sending phone number/openId data to a remote health endpoint with register and silent flags enabled. For a posture-analysis skill, automatic identity provisioning is unrelated to the advertised function and can create accounts, process identifiers, and establish backend linkage without meaningful user awareness or consent.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
Payment and recharge handling is outside the scope of office posture monitoring and indicates the skill may trigger monetization workflows based on backend responses. While not directly code-execution dangerous, this creates undisclosed business logic and user-manipulation risk, especially when embedded in an enterprise wellness/camera product where users would not expect billing prompts from posture alerts.

Missing User Warnings

High
Confidence
93% confidence
Finding
The skill promotes continuous camera-based employee monitoring in offices and coworking spaces without making privacy and surveillance risks a prominent prerequisite. In this context, the danger is elevated because the system processes persistent visual monitoring of identifiable workers and can generate behavior histories that may be misused by employers or leaked.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The CLI explicitly accepts highly sensitive identifiers such as OpenID, username, and phone number without any privacy notice, minimization, or guidance on safe handling. In a workplace-monitoring context tied to posture and behavior surveillance, this increases the risk of collecting directly identifying data that could be logged, exposed in shell history, or misused for employee tracking.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script processes local or remote office workstation monitoring video, which is sensitive personal data because it captures identifiable employees and behavioral patterns. There is no warning, consent check, retention guidance, or safeguard in the interface, making accidental misuse and noncompliant surveillance more likely, especially in enterprise or coworking environments.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation instructs clients to upload video files or provide public video URLs to a remote API but does not warn that workplace or home-office footage will be transmitted off-device for server-side analysis. This omission is dangerous because users and integrators may assume local processing for a camera-based wellness feature, leading to uninformed sharing of sensitive employee video and possible noncompliance with privacy obligations.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The code reads the full local file contents and uploads them to an external analysis service without any user-facing disclosure, confirmation, or visible consent mechanism in this file. For office video, this may include employees, surroundings, screens, and other sensitive workplace information, making silent transfer a meaningful privacy and compliance risk.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill forwards remote video URLs directly to the analysis service without informing the user that external resources will be accessed and processed. In a surveillance-related workplace context, this can lead to unexpected third-party data processing and analysis of content beyond the user's intended scope.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script requires an open_id that may be a username, phone number, or other directly identifying value, but it provides no privacy notice, minimization, masking, or indication of how that identifier will be used downstream. In the context of continuous workplace posture/video monitoring, collecting a personal identifier materially increases privacy risk because the behavioral/biometric analysis can be tied to a specific employee.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The code describes the action as analyzing a video locally, but the implementation delegates to skill.get_output_analysis and explicitly handles requests exceptions, indicating likely remote/API-backed processing. Users are not clearly warned that a local file path, URL, or associated video content may be transmitted to an external service, which is especially sensitive here because the skill processes workplace camera footage containing posture and potentially identifiable employee imagery.

Static analysis

Install untrusted source

Warn
Finding
Install source points to URL shortener or raw IP.

Dep not found on registry

Critical
Finding
1 package(s) referenced in dependency files do not exist on their public registries: yaml (pypi)

VirusTotal

VirusTotal findings are pending for this skill version.
