Reptile Tail Loss (Autotomy) Detection | 守宫/蜥蜴尾巴断尾识别

Security checks across malware telemetry and agentic risk

Overview

The skill appears to provide the advertised reptile tail analysis, but it also performs under-disclosed account, credential, and broad cloud-service behaviors that users should review before installing.

Install only if you are comfortable sending reptile enclosure media and a user identifier to the publisher's cloud service. Avoid using a phone number as the open-id if a pseudonymous identifier works, and review or clear the workspace SQLite data if you do not want local access tokens retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (22)

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
The skill instructs retrieval of open-id or api-key values from local config files or user input and requires cloud history queries, which exceeds a local image-analysis workflow and introduces credential-handling risk. Reading identifiers from shared files can expose secrets across skills or users and encourages implicit trust in locally stored credentials.

Description-Behavior Mismatch

Medium
Confidence: 89%
Finding
The documentation expands the skill from periodic camera analysis into cloud querying, report management, local file persistence, and push-style workflows not reflected in the manifest description. This mismatch can mislead reviewers and users about data flows and privileges, increasing the chance of overbroad access being granted silently.

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The referenced API documentation is materially inconsistent with the skill’s stated purpose of reptile tail-loss detection: it describes a generic external video-analysis service returning face detection and human health/organ diagnosis. This kind of scope mismatch is dangerous because it can conceal unintended collection or transmission of human biometric and inferred health data through a skill that users would reasonably expect to analyze only animal tail imagery.

Context-Inappropriate Capability

High
Confidence: 99%
Finding
Face detection and organ/health diagnosis are unrelated to detecting tail shortening, wounds, or scabbing in reptiles, so their presence indicates unjustified overcollection and processing capabilities. If used in practice, the skill could process humans captured by enclosure cameras or infer sensitive health information without a legitimate need, creating privacy, compliance, and abuse risks well beyond the advertised function.

Context-Inappropriate Capability

Medium
Confidence: 83%
Finding
The skill forwards arbitrary HTTP/HTTPS URLs for backend analysis even though the stated use case is fixed-enclosure monitoring. Allowing user-supplied remote URLs can enable backend fetching of attacker-controlled resources, potentially creating SSRF-style exposure, unexpected network access, or ingestion of untrusted external content by downstream services.

Description-Behavior Mismatch

Medium
Confidence: 84%
Finding
The function accepts arbitrary remote URLs for analysis, expanding the trust boundary beyond the stated fixed-camera/local capture workflow. If downstream processing fetches attacker-controlled URLs, this can enable unintended external data ingestion, privacy leakage, or server-side request behavior depending on how skill.get_output_analysis handles URLs.

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
This file exposes a broad generic API client with CRUD methods and arbitrary HTTP verbs that can call attacker-controlled or unrelated endpoints, which is far wider than the declared reptile tail-loss detection purpose. In a narrowly scoped skill, this creates unnecessary capability expansion and increases the chance of data exfiltration, unauthorized backend actions, or reuse of the skill as a general network proxy.

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
The user lookup helper introduces account-enumeration or identity-access capability that is not justified by the skill’s stated image-analysis function. In a skill intended only to analyze reptile tail images, user-account querying materially broadens access to potentially sensitive identity data without clear business need.

Description-Behavior Mismatch

Medium
Confidence: 88%
Finding
The file defines generic user-account persistence, including personally identifiable data and tokens, which is unrelated to a reptile tail-loss detection skill. This mismatch indicates over-collection and broader data handling capability than the declared purpose, increasing privacy risk and expanding the attack surface if the skill is deployed in a least-privilege environment.

Context-Inappropriate Capability

High
Confidence: 95%
Finding
Storing authentication-related secrets such as token and open_token in a local SQLite database is sensitive behavior, and it has no clear justification in a camera-based reptile tail analysis skill. If the local database is accessed by another local process, copied from disk, or included in backups, these tokens could be stolen and used for account compromise or unauthorized API access.

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The utility layer for a reptile tail-image analysis skill contains unrelated account login/registration behavior, including automatic user creation and persistence of authentication tokens. This is dangerous because it silently expands the skill’s authority and data handling beyond its declared purpose, enabling hidden account operations and credential storage that users would not expect from image analysis functionality.

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The HTTP handler injects a recharge/install-payment workflow into error handling, which is unrelated to reptile tail-loss detection. This is risky because it creates undisclosed monetization and cross-skill installation behavior inside a low-level utility path, potentially steering users into financial actions not justified by the stated skill purpose.

Context-Inappropriate Capability

High
Confidence: 98%
Finding
This code can create accounts, retrieve tokens, and save authentication material locally despite the skill being described as enclosure-camera tail analysis. Such capability is unjustified by the manifest and increases the blast radius of compromise, as the skill can establish identities and retain bearer credentials for later API access.

Vague Triggers

Medium
Confidence: 84%
Finding
The default trigger is broad enough to activate on essentially any reptile tail image analysis request, which can cause unintended execution of file handling or cloud-linked workflows. Overbroad activation raises privacy and consent risks because users may not intend to invoke historical lookups, local saves, or remote processing.

Missing User Warnings

Medium
Confidence: 91%
Finding
Automatically saving uploaded files locally without a clear upfront notice creates avoidable privacy and retention risk, especially for image and video data. Local persistence can expose sensitive files to other processes, users, or later misuse if retention and access controls are not clearly defined.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill mandates cloud API queries for historical reports using user identifiers, but the privacy implications are not prominently disclosed at the point of use. Sending identifiers and report metadata to a remote service without clear warning undermines informed consent and can expose sensitive account-linked activity.

Missing User Warnings

Medium
Confidence: 79%
Finding
The CLI requires an open_id that may contain personal identifiers such as a username or phone number, but provides no privacy notice, minimization guidance, or handling disclosure. In this skill context, the identifier is also copied into process-global state, increasing the chance of unintended retention, logging, or downstream propagation when analyzing animal-health events tied to an owner or facility operator.

Missing User Warnings

Medium
Confidence: 90%
Finding
The API documentation instructs clients to upload video files or public video URLs to an external service but provides no warning or controls around privacy, retention, or possible capture of sensitive human data. In the context of fixed cameras, accidental recording of people is plausible, so silent transmission of videos to a third party increases privacy exposure and can lead to mishandling of biometric or sensitive data.

Missing User Warnings

Medium
Confidence: 79%
Finding
The code reads local files into memory and submits them, or forwards remote video URLs, without any visible disclosure, consent prompt, or notice about data transfer in this component. In a monitoring context involving enclosure-camera footage, this can cause unintended exfiltration of potentially sensitive media or metadata to external analysis services.

Missing User Warnings

Medium
Confidence: 87%
Finding
The CLI requires an open_id that may be a username or phone number and then uses it for analysis/history operations without any consent notice, minimization, or masking. In a pet-monitoring context, this creates unnecessary privacy risk because sensitive identifiers may be exposed in process arguments, logs, shell history, or transmitted to backend services.

Missing User Warnings

Medium
Confidence: 81%
Finding
The code performs remote analysis through skill.get_output_analysis without clearly informing the user that media may be transmitted to a backend service. Because the skill handles animal enclosure imagery and associated user identifiers, lack of disclosure increases privacy and compliance risk even if the transport is otherwise legitimate.

Missing User Warnings

Medium
Confidence: 90%
Finding
The code logs the full prompt string in debug mode, which can expose sensitive user input, proprietary data, or internal instructions to logs. In an AI-analysis workflow, prompts often contain image-derived metadata, case details, or operational context, so debug logging can create an unintended disclosure channel.

VirusTotal

VirusTotal findings are pending for this skill version.
