Pregnancy Emotion Soothing | 孕妇情绪波动舒缓

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it deserves Review because it processes highly sensitive pregnancy-related audio/video, uses cloud history and identity flows, and has under-scoped automatic actions.

Install only if you are comfortable with cloud processing of pregnancy-related home or clinic audio/video, persistent user identifiers, local token storage, paid-service flows, and automatic report/history access. The monitored person and any bystanders should explicitly consent, and spouse or emergency-contact alerts should be configured as opt-in. The publisher should replace the nonexistent `yaml` dependency, document the actual analysis API, restrict video URLs to authorized sources, and make identity/report access and token persistence explicit before this is treated as routine.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (16)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
if filters:
    for key, value in filters.items():
        query = query.filter(getattr(self.__model__, key) == value)

if offset:
    query = query.offset(offset)
Confidence
85% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
    if filters:
        for key, value in filters.items():
            query = query.filter(getattr(self.__model__, key) == value)

    return query.scalar()
finally:
Confidence
83% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The addition of cloud history-report retrieval and clickable report-link presentation expands the system from real-time assistance into retrospective cloud data access without clear necessity or consent boundaries. For pregnancy-related emotional surveillance data, this increases privacy exposure and can enable unauthorized review or sharing of sensitive reports.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The skill instructs the agent to read local configuration files to obtain an open-id or API credential, which is unrelated to the user-facing emotion-analysis function and risks secret harvesting from the workspace. Reading credentials from nearby files can expose unrelated accounts or services and undermines clear user consent for which identity is used.

Description-Behavior Mismatch

Medium
Confidence
84% confidence
Finding
The documented behavior expands beyond the manifest by adding emergency-contact escalation, medical or hotline suggestions, and daily summary delivery, which materially affect users and third parties. In a pregnancy-monitoring context, such undisclosed escalation can expose sensitive emotional-state inferences to family or external contacts and cause harm through misclassification or unwanted intervention.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The referenced API documentation describes generic face/constitution diagnosis outputs such as organ condition and complexion analysis, which do not match the advertised pregnancy emotion monitoring, anomaly detection, or automatic soothing workflow. In this skill context, that mismatch is dangerous because it suggests the skill may route highly sensitive video of pregnant women to an unrelated analysis service, causing deceptive behavior, unsafe interventions, and potential misuse of intimate biometric data.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The code accepts any http/https URL as a video source and forwards it to the backend analysis API, which expands the skill beyond the described fixed-camera use case. In a pregnancy-monitoring context handling highly sensitive emotional and household footage, this broad input surface increases the chance of analyzing unauthorized third-party content, internal network resources, or otherwise out-of-scope surveillance feeds.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The shared HTTP utility silently performs phone/openId-based login or registration, retrieves tokens, and persists them locally via the DAO layer. That behavior exceeds a generic request helper's expected scope and can create accounts or bind identities without explicit user consent, which is especially risky in a skill centered on sensitive pregnancy/emotional monitoring.

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
The utility layer contains special-case payment/recharge handling and returns instructions to install a payment skill and top up an account. Embedding monetization workflow logic in a common request helper is unrelated to the declared emotional-support purpose and increases the chance of unauthorized billing prompts, dark-pattern behavior, or hidden feature expansion.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger conditions are overly broad and default to activation whenever relevant pregnancy-room audio/video is provided, which can cause sensitive monitoring to occur without a sufficiently specific request. Because the skill handles continuous home or clinic surveillance, overbroad activation materially raises the chance of non-consensual analysis and unnecessary data transmission.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill involves continuous camera/microphone monitoring of pregnant women, cloud report access, and automatic notifications to husbands or emergency contacts, yet the description does not prominently warn users about these highly sensitive privacy and autonomy implications. In this context, missing warnings make consent uninformed and heighten the risk of intimate surveillance, coercive monitoring, and disclosure of mental-health-adjacent information to third parties.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script requires an open_id that may be a phone number, username, or other persistent identifier for a pregnant woman or family member, then stores it in process-wide state without any privacy notice, minimization, or masking. In this skill context, the identifier is linked to highly sensitive inferred mental-health and pregnancy-related monitoring, increasing privacy harm and the risk of unauthorized tracking or disclosure.

Missing User Warnings

High
Confidence
97% confidence
Finding
The tool accepts remote URLs for home or clinic audio/video and forwards them for analysis without any explicit warning, consent flow, transport/security validation, or indication of where the footage is processed. Because this skill handles intimate household or prenatal-clinic monitoring and infers emotional or mental state, silent transmission of such media can expose extremely sensitive personal and medical-adjacent data to external services or unauthorized parties.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The API doc instructs clients to upload video files or provide public video URLs but gives no warning, consent requirements, retention limits, or transmission safeguards for highly sensitive household and waiting-room footage. In this skill, the data concerns pregnant women, emotional state, family interactions, and potentially medical settings, which makes silent collection and transfer of biometric and health-adjacent data especially risky and increases the chance of privacy violations or regulatory noncompliance.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill reads local video files into memory or forwards a user-supplied video URL to the analysis service without any visible notice, consent, or data-handling warning in this code path. Because the skill processes intimate home and prenatal emotional-monitoring footage, silent transmission of such sensitive media creates substantial privacy and compliance risk if users are not clearly informed and the transfer is not tightly governed.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This request helper automatically attaches identifiers such as pnaUserName and multiple authentication headers, and may derive identity from API_SECRET_KEY/CURRENT__USER_NAME/CURRENT__OPEN_ID without any visible consent, notice, or minimization in this file. In the context of a pregnancy-emotion monitoring skill, transmitting identity and auth data to backend services heightens privacy and account-abuse risk because the associated data is highly sensitive.

VirusTotal

66/66 vendors flagged this skill as clean.
