Pet Detection Skill | 宠物检测技能

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a cloud pet-analysis client, but it also has under-disclosed account, token, and history-report behavior, along with analysis/reporting behavior that does not match its description. Users should review these before installing.

Install only if you are comfortable sending pet images or videos, plus an open-id such as a username or phone number, to the configured cloud service. Review the local token/account persistence and history-report behavior first, especially if household footage may contain people, private interiors, or sensitive routines.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (30)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The documented APIs are for pet health analysis and report export, which is materially different from the declared skill scope of simple pet detection in images or video. This scope mismatch can mislead integrators and users into sending sensitive animal health data or invoking broader backend capabilities than expected, creating a capability-confusion and data-handling risk.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The skill manifest describes pet detection/analysis, but this API service also exposes generic record-management operations including pagination, listing, add, edit, and delete. That creates a broader capability surface than users would reasonably expect, enabling modification or removal of remote records if the surrounding skill wiring permits these methods to be invoked.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
Exposing add/edit/delete operations in a home pet monitoring skill is unjustified by the declared functionality and allows the skill to perform state-changing remote actions beyond inference. If an agent or integration can call these methods, it could tamper with monitoring records or device-associated data, causing unauthorized changes or deletion of information.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill exposes a history/listing function (`show_analyze_list`) that is outside the stated scope of analyzing a provided pet image/video. Because the CLI accepts a broad `open_id` and directly passes it into `skill.get_output_analysis_list`, this can enable enumeration or retrieval of prior analysis records if server-side authorization is weak, creating unnecessary data exposure risk.

Context-Inappropriate Capability

Low
Confidence
79% confidence
Finding
The tool requires `--open-id` and documents that it may be an OpenID, user ID, username, or phone number, which are broad identifiers unrelated to the core pet-detection task. Accepting arbitrary user identifiers increases the chance of insecure direct object reference behavior or privacy leakage when combined with account-scoped backend operations.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The documented API endpoint and response schema are fundamentally inconsistent with the skill's declared pet-detection purpose. Instead of returning cat/dog/bird detection results, it describes face detection plus health/diagnosis outputs, which indicates either documentation substitution, backend misbinding, or undisclosed collection of sensitive biometric/health-related data; in a home monitoring context this creates a serious risk of privacy-invasive processing beyond user expectations.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
Presenting contradictory API documentation under a pet-detection skill can mislead integrators and users about what data is processed and what outputs are generated. This undermines informed consent, security review, and safe deployment because downstream systems may send household video expecting animal detection while the service appears to perform human face and health-related analysis instead.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill manifest describes pet detection and analysis, but this API surface also exposes generic record-management operations including add, edit, and delete. That creates unnecessary authority and a larger attack surface, enabling modification or removal of backend records unrelated to the stated detection-only purpose if the skill is invoked or abused.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The delete method allows removal of records by `cameraSn`, which is not justified by the declared pet-monitoring detection function. In a home monitoring context, unauthorized deletion could erase device-associated analysis records or configuration-linked data, undermining integrity and auditability.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The implementation does not match the declared pet-detection purpose. Instead of performing narrowly scoped pet detection, it acts as a generic analysis/reporting client with support for report retrieval and export, which is a significant capability mismatch and can mislead users and reviewers about what data is being handled and what backend actions are possible. In a security context, this kind of scope deception increases the risk of unauthorized data processing and hidden access to unrelated analysis artifacts.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The skill generates report export URLs and exposes report-listing behavior that are not justified by the advertised pet-monitoring function. Unnecessary report discovery/export capabilities can enable access to sensitive analysis outputs beyond the user's expected action surface, especially if downstream authorization is weak or IDs are guessable.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The implementation performs generic analysis via `skill.get_output_analysis` and also supports history retrieval, which is broader than the manifest's narrowly stated pet-detection purpose. This scope mismatch is dangerous because it can hide undeclared surveillance or content-analysis capabilities from users and reviewers, undermining informed consent and least-privilege expectations.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The `show_analyze_list` function exposes historical analysis results keyed by `open_id`, a capability not justified by simple pet detection. If access control is weak or identifiers are guessable, this could enable unauthorized retrieval of a user's analysis history, creating privacy and surveillance risks.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
This file exposes a generic network wrapper with arbitrary CRUD-style methods and caller-controlled URLs that go well beyond a pet-detection skill's stated purpose. In a skill ecosystem, such generic outbound request capability can be repurposed for unauthorized data exfiltration, interaction with unrelated services, or command-and-control style traffic if higher-level code passes untrusted inputs.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The presence of add, edit, delete, and arbitrary HTTP method helpers provides unnecessary capability to modify remote resources, which is not justified by the declared monitoring-only pet-detection context. If abused by surrounding code or malicious inputs, these methods could perform unauthorized state-changing actions against external services.

Description-Behavior Mismatch

High
Confidence
84% confidence
Finding
The file implements generic user-account persistence, including a User model and DAO, which is materially outside the stated pet-detection purpose. Scope mismatch increases the chance that unnecessary identity-handling code is shipped into an environment that does not need it, expanding attack surface and creating hidden data-collection or retention risk.

Context-Inappropriate Capability

High
Confidence
90% confidence
Finding
The model stores user identity attributes and authentication-like secrets such as token and open_token, which are unrelated to pet detection and appear to be stored in a local SQLite database without any protection shown here. If the database is accessed by another local process, copied from the workspace, or included in logs/backups, sensitive credentials and personal data could be exposed.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The utility layer for a pet-detection skill performs unrelated authenticated account provisioning, token acquisition, and persistence. This creates hidden identity-management behavior that expands the skill's privileges and causes undisclosed handling of user-linked credentials, which is especially concerning because it is not necessary for pet detection and can silently enroll or impersonate users against backend services.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
On HTTP 402, the code returns instructions to install a payment skill and recharge an account, which is unrelated to pet monitoring. Embedding monetization workflow prompts inside a low-level request utility can manipulate users into installing additional capabilities and obscures the true behavior of the skill, increasing trust and supply-chain risk.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The code can create or fetch backend user identities by sending mobile/openId data to a `phoneLogin` endpoint, despite the skill being described as pet detection. This is dangerous because it silently provisions identities and associates user identifiers with backend tokens without an obvious need, enabling undisclosed account creation, tracking, and access expansion.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The history-report feature is bound to broad natural-language trigger phrases that can activate automatically when a user casually references prior reports. Because the action queries cloud-side historical data tied to an open-id, unintended activation can expose potentially sensitive historical monitoring records beyond the user's immediate intent.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill states that uploaded attachments or media files are automatically saved locally, but it does not require just-in-time user notice or consent at the moment this storage occurs. Local persistence of user-provided video/images increases privacy risk, especially for home-monitoring footage, and may leave sensitive files on disk longer than users expect.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The document states that file uploads and API key authentication are used but gives no warning about what data is uploaded, how it is stored, or the privacy/security implications. In this context, users may upload images, video, or health-related pet data without informed consent or safe handling expectations, increasing the risk of sensitive data exposure or improper credential use.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The analysis function sends either a local media path or a URL to backend analysis via `skill.get_output_analysis` without any explicit privacy warning, consent step, or clear disclosure that media may be transmitted off-host. In a home pet monitoring context, these files or streams may contain sensitive household imagery, making silent transfer to an external service a meaningful privacy and compliance risk.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The API accepts uploaded videos or public video URLs but provides no warning about privacy, retention, third-party processing, or restrictions on human footage. In the context of home pet monitoring, submitted videos are especially likely to contain residents, visitors, interiors, and routine patterns, so omission of data-handling disclosures increases privacy and compliance risk.

VirusTotal

63/63 vendors flagged this skill as clean.
