ClawHub

Pet Grooming Stress Behavior Analysis | 宠物美容过程应激行为识别

Security checks across malware telemetry and agentic risk

Overview

This skill is broadly about pet grooming video analysis, but it needs Review because it sends media and identifiers to cloud services while also creating and storing account tokens and carrying unrelated management capabilities.

Review before installing. Only use this with videos you are allowed to upload to the external service, avoid using a phone number or API key as the open-id, and verify the publisher's service endpoints and dependency list first. An isolated workspace is advisable because the skill can create local account/token state.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (20)

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The skill goes beyond analyzing a user-provided grooming video by automatically querying cloud-stored historical reports and requiring an open-id for that purpose. This expands collection and use of user-linked data beyond the immediate task, increasing privacy risk and enabling access to prior records without a clearly bounded need or consent flow.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The skill instructs reading configuration files to obtain an api-key and then repurposes that secret as an open-id, which is an unjustified credential access pattern. Using a stored API credential as a user identifier can expose secrets, conflate authentication domains, and enable unauthorized access to cloud data or misuse of backend privileges.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill is described as analysis-only for pet grooming stress behavior, but this file also exposes add, edit, and delete record-management operations. That mismatch increases the attack surface and creates capability beyond the user-declared purpose, which can enable unauthorized modification or removal of camera-associated records if these methods are reachable through the skill.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The delete(cameraSn) method permits destructive deletion of camera-associated records, which is not justified by the stated video stress-analysis function. In this context, a grooming-analysis skill handling shop or clinic camera inputs makes unjustified deletion more dangerous because it could erase operational records or disrupt monitoring workflows.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The API response schema is clearly unrelated to the stated pet grooming stress-analysis purpose and instead describes face detection plus constitution/health-style diagnosis. This kind of spec mismatch is dangerous because developers may integrate the wrong endpoint or silently process sensitive biometric/health inferences under a pet-video workflow, causing privacy, compliance, and misuse risks; in this skill context, the mismatch makes the skill more dangerous because it claims animal stress analysis while documenting human-like diagnostic outputs.

Description-Behavior Mismatch

Medium
Confidence
83% confidence
Finding
The script exposes a history-listing function via `--list` that returns prior analysis records, but this capability is not reflected in the stated skill behavior. Undocumented data-access features increase the risk of unintended information disclosure, especially because the listing path appears tied only to a caller-supplied identifier and has no visible authorization checks in this file.

Context-Inappropriate Capability

Medium
Confidence
82% confidence
Finding
The file implements generic user-account storage including username, email, tokens, and update/delete operations, which materially exceeds the declared pet grooming stress-analysis purpose. Hidden or unnecessary identity/token handling increases attack surface and may enable unintended collection, persistence, or misuse of sensitive user data in a skill that users would not expect to manage accounts.

Intent-Code Divergence

Low
Confidence
76% confidence
Finding
The method name/docstring imply harmless table initialization, but it silently performs a schema alteration on the sys_user table at startup. Security-relevant behavior that mutates stored data structures without clear disclosure can surprise operators, complicate review, and introduce unauthorized persistence changes in environments where this skill should only analyze grooming videos.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The file defines an AgentSkill.ai_chat capability that is unrelated to the advertised pet grooming stress-video analysis purpose, creating hidden or unnecessary functionality in a safety-sensitive skill. Even though the current implementation is incomplete, exposing a general chat/session primitive broadens the attack surface and could later be wired to external model execution or used to bypass intended skill boundaries.

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
The generic request helper can silently create or register users via /sys/phoneLogin, fetch tokens, and persist them locally, which is unrelated to analyzing pet grooming stress from a video. This expands the skill's privilege and data-handling scope from media inference into account lifecycle management, creating unnecessary risk of unauthorized account creation, token misuse, and cross-skill identity coupling.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The HTTP utility embeds a payment/recharge workflow and returns instructions to install a payment skill when a 402 status is received. For a pet grooming behavior-analysis skill, this is unrelated functionality that broadens the trust boundary and can steer users into additional actions outside the declared purpose.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The trigger rules are broad enough to activate on generic references to stress, grooming, reports, or uploaded media, which can cause unintended execution. In practice, that can lead to automatic local file saving, identifier collection, and remote API interaction when the user did not clearly intend to invoke this skill.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill description does not clearly warn users that local uploads may be saved locally and that both files and remote URLs will be sent to a server-side API for processing. This undermines informed consent and increases privacy and data-handling risk, especially for potentially sensitive video content from clinics or shops.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script requires an --open-id value and accepts highly sensitive identifiers such as OpenID, username, or phone number, but provides no privacy notice, minimization, masking, or explanation of how that identifier will be used. In this skill context, the identifier appears tied to analysis history and potentially backend API activity, increasing privacy risk if logs, console history, or stored outputs are exposed.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The document instructs users to upload videos or provide public video URLs but gives no warning or requirements around privacy, consent, retention, or handling of potentially sensitive visual data. In this skill context, grooming and clinic videos may capture animals, owners, staff, premises, and metadata, so the absence of privacy guidance increases the chance of unsafe collection, disclosure, or regulatory noncompliance.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The skill forwards arbitrary user-supplied URLs to a server-side analysis API without visible restrictions. In this context, that can enable server-side fetching of attacker-controlled or internal network resources by the backend, creating SSRF-style risk or unintended access to sensitive internal endpoints if the downstream service dereferences the URL.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The tool requires `--open-id` and explicitly allows highly sensitive identifiers such as OpenID, user ID, username, or phone number, yet provides no user-facing privacy notice or minimization in this code path. Because the skill processes pet grooming videos that may be associated with customers or clinics, collecting persistent identifiers without disclosure can enable unnecessary tracking, linkage of analysis history, and privacy compliance issues.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The script accepts a remote video URL and forwards it for analysis without any explicit disclosure that the referenced content may be fetched or processed by a server-side service. In this skill context, videos from grooming shops or veterinary settings may contain sensitive customer, employee, or clinic data, so silent network transmission materially increases privacy risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This code sends user identifiers and authentication material, including mobile/openId-derived values and token-bearing headers, to external services without any visible disclosure or consent handling in the file. In a skill advertised as video stress analysis, transmitting identity and auth data beyond what is obviously needed increases privacy and abuse risk if endpoints, logs, or downstream services are compromised.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The utility stores retrieved tokens and user information in persistent storage without any visible notice, retention controls, or security guarantees in this code. Persisting auth state in a common helper increases the blast radius of token theft and creates hidden long-term state inconsistent with the skill's narrow stated purpose.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal