帕金森癫痫行为识别技能 (Parkinson's and Epilepsy Behavior Recognition Skill)

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a genuine cloud video-analysis integration, but it handles sensitive patient video and identity data with an unclear scope, weak disclosure, and authentication tokens persisted locally.

Install it only if you trust the publisher and the Life Emergence service with patient video, username or phone-number-like identifiers, cloud report history, and locally stored auth tokens. Where possible use a non-identifying open-id, avoid public URLs for private footage, confirm patient consent before uploading, and review or delete the skill's local workspace database if token persistence is not acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (21)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
if filters:
    for key, value in filters.items():
        query = query.filter(getattr(self.__model__, key) == value)

if offset:
    query = query.offset(offset)
Confidence
88% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
if filters:
    for key, value in filters.items():
        query = query.filter(getattr(self.__model__, key) == value)

    return query.scalar()
finally:
Confidence
87% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)
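Both getattr() findings flag the same pattern: a caller-supplied filter key is turned into an attribute lookup on the ORM model with no check that it names a mapped column. The example below was added for this report and is not code from the skill; it uses a constructed stand-in for the model to show what the flagged code can reach and an allowlist-based rewrite. `UserModel`, its attributes and all function names are assumptions, and the `inspect(model).columns.keys()` comment refers to the SQLAlchemy call you would use against a real mapped class.

```python
"""Added example: filtering by caller-supplied attribute names, unsafe vs. allowlisted."""


class UserModel:
    """Constructed stand-in for the ORM class the flagged code reaches via self.__model__.

    A real SQLAlchemy model exposes mapped columns *and* many other attributes
    (table metadata, relationships, helper methods). getattr() cannot tell them apart.
    """

    # Columns a mapper would declare; with SQLAlchemy use inspect(UserModel).columns.keys().
    __columns__ = ("id", "username", "email")
    id = "users.id"
    username = "users.username"
    email = "users.email"

    # Not columns, but reachable through getattr() all the same (hypothetical values).
    __table__ = "<Table users>"
    session_factory = "<sessionmaker>"

    @classmethod
    def delete_all(cls):
        return "DELETE FROM users"


def build_filters_unsafe(model, filters):
    """Mirrors the flagged snippet: every dict key becomes getattr(model, key)."""
    return [(getattr(model, key), value) for key, value in filters.items()]


def build_filters_safe(model, filters):
    """Hardened form: only keys naming a declared column are resolved."""
    allowed = set(model.__columns__)
    clauses = []
    for key, value in filters.items():
        if key not in allowed:
            raise ValueError(f"filter on unknown column: {key!r}")
        clauses.append((getattr(model, key), value))
    return clauses


def rejected_filter_keys(model, filters):
    """Review helper: which caller-supplied keys the allowlist would refuse."""
    return sorted(k for k in filters if k not in model.__columns__)


if __name__ == "__main__":
    hostile = {"__table__": "x", "delete_all": None, "username": "alice"}
    print(build_filters_unsafe(UserModel, hostile))  # ORM internals come back as "filters"
    print(rejected_filter_keys(UserModel, hostile))  # ['__table__', 'delete_all']
    print(build_filters_safe(UserModel, {"username": "alice"}))
```

In the flagged snippet, comparing a non-column attribute with `== value` produces a plain Python object rather than a column expression, so `query.filter()` receives something the caller never intended, and because `getattr()` is called without a default, an unknown key raises an `AttributeError` that tells the caller which names exist on the model. Resolving keys only through the mapper's declared columns closes both paths.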

Intent-Code Divergence

High
Confidence
93% confidence
Finding
The English section describes parcel/package surveillance in public spaces, while the rest of the skill claims to perform medical behavior recognition for Parkinson's and epilepsy. This contradictory scope is dangerous because reviewers and users may misunderstand what the skill actually does, and such mismatches are a classic sign of repurposed or poorly governed instructions that can route sensitive video data into an unintended workflow.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The documented API endpoint and response schema do not match the skill's declared purpose of Parkinson's/epilepsy behavior recognition. Instead, it describes generic analysis including face detection and constitution/organ-condition outputs, which creates a serious scope-mismatch that can mislead integrators, cause unintended collection/processing of sensitive biometric and health data, and indicate the skill may call a different backend than advertised.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
Including face detection and broad health/constitution diagnosis expands processing beyond abnormal behavior recognition into sensitive biometric profiling and medical-style inference. In this skill context, that is more dangerous because the subject matter already involves vulnerable patients and home monitoring, so undocumented extra analysis increases privacy, compliance, and misuse risk.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The skill claims to perform medical video behavior recognition, but this API service also exposes generic record-management methods including add, edit, and delete. In particular, deletion by camera serial number suggests operational control over monitored resources rather than narrowly scoped analysis, which violates least privilege and expands the attack surface if the skill is invoked by untrusted workflows or users.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The delete(cameraSn) function provides a direct administrative action over camera/resources that is not justified by a medical behavior-recognition skill description. In a home patient-monitoring context, unauthorized modification or deletion of camera-linked records could disable monitoring, erase evidence, or disrupt safety workflows for vulnerable patients, making the context more sensitive and dangerous.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The skill exposes report-history listing and constructs export URLs for prior analysis results, which goes beyond one-off video behavior recognition and can expose previously processed medical-analysis artifacts. In a health-monitoring context, historical report access materially increases privacy risk because report metadata and exported images may reveal sensitive patient information if access control is weak or absent.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
Enumerating historical reports is not necessary for immediate abnormal-behavior recognition and creates an additional data-access surface over potentially sensitive health information. In this medical context, exposing a report list can leak analysis history, identifiers, and timestamps, enabling privacy violations even without direct file access.

Context-Inappropriate Capability

Medium
Confidence
84% confidence
Finding
The User model persists username, email, birthday, token, and open_token for a skill whose declared purpose is video-based behavior recognition. Storing authentication tokens and personal data without clear necessity materially expands the privacy and credential-theft impact of any compromise, and the mismatch between capability and stated purpose makes the behavior more dangerous in context.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
This utility implements broad authenticated API and account-provisioning behavior that is unrelated to the stated purpose of a medical video behavior-recognition skill. It can create or log in users, fetch/store tokens, and perform generic API/database operations, which expands the attack surface and enables unauthorized identity handling or backend access if the skill is misused or compromised.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The code performs phone-based login/registration and persists authentication tokens for a skill whose declared context is medical video monitoring. In this context, silently creating accounts and storing tokens is especially sensitive because it links health-related usage with identity data and creates opportunities for account abuse, token theft, or undisclosed tracking.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The skill auto-triggers by default for generic requests involving uploaded video and abnormal behavior analysis, without requiring a narrow user confirmation. In a health-monitoring skill, that can cause unintended processing of sensitive surveillance footage and automatic transmission to backend services when the user may have only wanted general advice or description.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The history-query trigger matches broad natural-language phrases such as viewing reports or monitoring records, which can collide with ordinary conversation and automatically fetch cloud-stored historical medical reports. Because these reports are linked to an open-id and concern health events, accidental triggering could expose sensitive patient history without deliberate user intent.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill handles highly sensitive health surveillance data, instructs saving uploaded videos locally, and requires sending videos and open-id values to a cloud API, but it does not clearly warn users about collection, retention, transmission, and privacy risks before processing. In a medical context, omission of explicit privacy disclosure and consent can lead to unauthorized sharing of protected health information and serious compliance, safety, and trust failures.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The CLI requires an `--open-id` that may contain highly sensitive personal identifiers such as a user ID, phone number, or username, but provides no privacy notice, masking, minimization, or guidance on secure handling. In this medical-monitoring context, linking behavioral health analysis to a directly identifying value increases privacy risk, especially through shell history, process listings, logs, and stored outputs.
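The overview's advice to use a non-identifying open-id and this finding's note that `--open-id` may carry a phone number or username both leave open how such a value is produced. The example below was added for this report and is not code from the skill: it derives a keyed pseudonym with HMAC-SHA256 and contrasts it with a plain hash, which a dictionary attack over the phone-number space reverses. The sample identifier, the pepper handling and all function names are assumptions.

```python
"""Added example: a non-identifying open-id derived from a phone number or username."""
import hashlib
import hmac
import secrets
from typing import Iterable, Optional

# Constructed sample subject identifier (not a real subscriber).
SAMPLE_PHONE = "+86 138 0000 0000"
PSEUDONYM_HEX_LEN = 32  # 128 bits is ample for an opaque per-subject handle


def canonicalise(identifier: str) -> bytes:
    """Strip whitespace and case so one subject cannot end up with several pseudonyms."""
    return "".join(identifier.split()).lower().encode("utf-8")


def unkeyed_open_id(identifier: str) -> str:
    """Plain SHA-256 looks opaque, but anyone can recompute it for every plausible input."""
    return hashlib.sha256(canonicalise(identifier)).hexdigest()[:PSEUDONYM_HEX_LEN]


def keyed_open_id(identifier: str, pepper: bytes) -> str:
    """HMAC-SHA256 under a locally held pepper: guessing the input is useless without it."""
    if len(pepper) < 16:
        raise ValueError("pepper must be at least 16 random bytes")
    digest = hmac.new(pepper, canonicalise(identifier), hashlib.sha256).hexdigest()
    return digest[:PSEUDONYM_HEX_LEN]


def new_pepper() -> bytes:
    """Generate the pepper once; keep it outside the skill's workspace and never upload it."""
    return secrets.token_bytes(32)


def guess_identifier(open_id: str, candidates: Iterable[str],
                     pepper: Optional[bytes] = None) -> Optional[str]:
    """Dictionary attack: the re-identification anyone who sees the open-id can attempt."""
    for candidate in candidates:
        if pepper is not None:
            derived = keyed_open_id(candidate, pepper)
        else:
            derived = unkeyed_open_id(candidate)
        if hmac.compare_digest(derived, open_id):
            return candidate
    return None


if __name__ == "__main__":
    pepper = new_pepper()
    # Constructed candidate list standing in for the number space an attacker would enumerate.
    candidates = ["+8613800000001", "+8613800000000", "+8613800000002"]
    print("unkeyed recovered:", guess_identifier(unkeyed_open_id(SAMPLE_PHONE), candidates))
    print("keyed recovered:  ", guess_identifier(keyed_open_id(SAMPLE_PHONE, pepper), candidates))
    print("pass as --open-id:", keyed_open_id(SAMPLE_PHONE, pepper))
```

The keyed value is pseudonymous, not anonymous: every report for one subject still carries the same handle, so the service can link them, and the value still lands in shell history and process listings. What changes is that whatever leaks there cannot be mapped back to a phone number or username without the pepper, which is why the pepper must stay on the operator's side and never be sent to the service.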

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The API documentation instructs users to upload videos or provide public video URLs without any warning about transmitting highly sensitive health and biometric data. In a home-monitoring skill for Parkinson's/epilepsy behaviors, this omission is particularly risky because videos may reveal identity, medical condition, living environment, and other protected personal information.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The CLI requires an `--open-id` value and passes it into the skill workflow for remote analysis/list retrieval, but the script does not provide a clear user-facing notice that identifying data may be transmitted to an external service. In a health-monitoring context, this is more sensitive than usual because the identifier is linked to analysis of potentially medical behavioral events, increasing privacy and compliance risk.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The script accepts a local file path or remote URL and invokes remote analysis without clearly warning the user that the video content or referenced media may be uploaded or otherwise disclosed to an external service. Because the skill analyzes videos of Parkinson's/epilepsy-related behavior, the content may contain highly sensitive health and household information, making undisclosed transmission particularly risky.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The request utility transmits identifiers and authentication material including mobile/openId-derived username, X-Access-Token, X-Api-Key, Authorization, and pnaUserName without any visible notice or consent mechanism in this file. Even though HTTPS may be used, undisclosed transmission of identity and auth data is a privacy and security issue, particularly in a healthcare-adjacent skill where users may not expect backend identity correlation.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The code saves token-bearing user information to persistent storage through the DAO layer without any visible disclosure, retention policy, or security controls shown here. Persisting authentication tokens increases the blast radius of compromise and is especially risky in a skill handling potentially sensitive medical-monitoring workflows.

VirusTotal

65/65 vendors flagged this skill as clean.