ClawHub

Rehab Patient Frustration / Giving-up Tendency Motivation | 康复患者沮丧/放弃倾向激励

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly aligned with rehab-video motivation support, but it handles sensitive patient video, identity, biometrics, cloud history, notifications, and local tokens with enough under-scoped implementation risk to require Review before installation.

Install only if you can verify the publisher and backend, have explicit patient or authorized caregiver consent, understand that rehab video/audio and identifiers may be uploaded to a remote service, and are comfortable with local token storage and therapist/family notifications. Treat the unresolved dependency and mismatched shared analysis code as reasons to review or fix the package before using it with real patient data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (17)

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
Real-time encouragement is materially different from identity binding and third-party alerting to therapists and family members. Expanding from local assistance to external notification increases privacy exposure and can disclose a patient's condition, behavior, or lack of progress to additional parties without sufficiently clear upfront disclosure.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The manifest frames the skill as optional encouragement/display, but the workflow mandates cloud historical-report retrieval and next-day delivery to therapists. That adds ongoing remote data access and disclosure obligations that users may not expect when enabling a monitoring skill in a rehab environment.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
Requiring face recognition to bind patients to registered IDs introduces biometric identification beyond what is necessary for simple frustration detection and encouragement. In a healthcare-adjacent setting, this substantially raises sensitivity, reidentification risk, and the consequences of unauthorized processing or breach.

Context-Inappropriate Capability

High
Confidence
95% confidence
Finding
Pushing alerts to family members and therapist apps extends the skill from local motivational support into third-party disclosure and intervention orchestration. In this context, such notifications may reveal sensitive health-adjacent status, emotional state, and participation data, increasing confidentiality and misuse risks.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The code injects a `petType` parameter into analysis requests even though the declared skill is for human rehabilitation patients. This mismatch strongly suggests code reuse from another domain and can cause requests to be routed, processed, or labeled incorrectly, creating data-integrity and privacy risks in a healthcare-adjacent context where wrong model selection or metadata contamination could affect patient monitoring outcomes.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The documented API behavior is materially inconsistent with the stated skill purpose. A rehab-motivation skill should analyze exercise adherence and frustration signals, but the API returns face detection, constitution typing, and organ-condition health diagnosis, indicating either undisclosed secondary processing or a repurposed medical-analysis backend. In a patient rehab setting, this mismatch is dangerous because it can mislead deployers and patients about what data is being inferred and used.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The API claims to infer organ condition and constitution from uploaded video, which is a sensitive medical inference unrelated to encouragement during rehabilitation and not justified by the described functionality. This creates risk of unvalidated medical profiling, overcollection of sensitive health data, and downstream harmful reliance on pseudo-diagnostic outputs. The rehab context increases severity because the subjects are patients and likely vulnerable individuals.

Description-Behavior Mismatch

High
Confidence
94% confidence
Finding
This utility code performs remote account lookup/creation, token acquisition, and local token persistence, which is materially broader than the rehab skill’s stated function of monitoring exercise behavior and delivering encouragement. In a healthcare-adjacent context, silently binding user identities to backend services and storing auth tokens expands the attack surface and creates privacy and unauthorized-account risks if reused across skills or triggered without informed consent.

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
The code can instruct users to install and use a separate payment skill when account balance is insufficient, which is unrelated to the rehab encouragement function described to users. This creates an undeclared monetization pathway and cross-skill redirection that could be abused for deceptive upsell flows or to normalize unexpected payment prompts in a sensitive healthcare setting.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The default trigger activates on any rehab-training video URL or file request, which is overly broad for a skill that processes sensitive patient media. Over-triggering can cause accidental analysis, cloud upload, and identity-linked processing on content the user did not intend to submit for this purpose.

Missing User Warnings

High
Confidence
99% confidence
Finding
The skill processes privacy-sensitive video/audio, performs face recognition, associates data with patient IDs, retrieves cloud history, and may notify therapists or family, yet it lacks clear user-facing warnings about biometric processing and data transmission. In a rehab setting, this omission undermines meaningful consent and creates serious privacy, compliance, and safety risks.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documented APIs include highly sensitive rehabilitation monitoring, historical progress retrieval, and report export capabilities for identifiable patients, but the documentation does not present clear user-facing safeguards, access-scoping requirements, or explicit risk warnings around surveillance, consent enforcement, and export handling. In this healthcare-like context, omission of strong privacy and disclosure requirements increases the chance of over-collection, misuse, unauthorized access, or inappropriate secondary sharing of vulnerable patient data.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script requires `--open-id` and explicitly allows values such as phone numbers or usernames on the command line, which can leak through shell history, process listings, job logs, and monitoring tools. In a rehabilitation/patient context, this is more sensitive because the identifier can be linked to health-related video analysis and historical records, creating privacy and compliance risk.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation instructs users to upload video files or provide public video URLs plus an API key, but provides no retention, sharing, consent, encryption, or handling guidance. Because the skill processes patient rehabilitation video and possibly facial/health information, omission of privacy safeguards can lead to unauthorized disclosure, insecure integrations, and noncompliant handling of highly sensitive data.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The code reads an arbitrary local file path and uploads the full file contents to a remote analysis API, but there is no visible consent prompt, privacy notice, path restriction, or contextual warning in this skill layer. In this rehab-monitoring context, uploaded videos can contain highly sensitive health and biometric data, so silent transmission materially increases privacy, compliance, and data-exposure risk.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The CLI requires an `--open-id` that may be a real-world identifier such as a phone number, username, or user ID, but the script provides no privacy notice, minimization, masking, or guidance on safe handling. In this rehab-monitoring context, the identifier is linked to sensitive behavioral and health-related video analysis, which raises the risk of privacy harm, misattribution, and accidental exposure through shell history, logs, screenshots, or support transcripts.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The request path transmits user identifiers such as username/mobile/openId and attaches authentication tokens to outbound HTTP requests, but this file provides no notice, consent, or data-minimization safeguards. In the context of a rehab monitoring skill that may handle sensitive health-adjacent usage, undisclosed identity and token transmission materially increases privacy, compliance, and account-compromise risks.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal