ClawHub

Pet Sneeze / Cough Detection | 宠物睡眠质量分析(时长/翻滚次数)

Security checks across malware telemetry and agentic risk

Overview

This skill appears to analyze pet sleep videos, but it also sends sensitive videos and user identifiers to remote services, can silently create/login accounts, and stores account tokens locally.

Install only if you are comfortable sending pet monitoring videos and a user identifier to the Life Emergence remote service, and with local storage of account tokens/profile data. Review the privacy terms, avoid videos containing people or private spaces, and use a non-phone identifier if the service allows it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (22)

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The documentation broadens the skill from video analysis into cloud-backed report querying and account-linked data access. This is risky because it changes the trust model from single-task processing to persistent remote data management, increasing the chance of unintended data exposure or unauthorized access to historical reports.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The skill requires collecting an open-id/username/phone-like identifier even though that identifier is not necessary for the core act of analyzing a single local sleep video. Collecting extra identifiers increases privacy risk and enables linkage of videos, reports, and user identity across sessions and cloud services.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The documented check-in behavior sends a user-provided identifier to a server-side endpoint as telemetry/account-registration logic before other operations. Even if framed as bookkeeping, this is unrelated to core video analysis and can create undisclosed tracking, user profiling, or account creation side effects.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The documented response schema describes face detection, constitution analysis, organ-condition diagnosis, and health suggestions that are unrelated to the advertised pet sleep-quality analysis capability. This mismatch strongly suggests the skill may invoke a different backend service than users expect, creating a risk of deceptive data handling, unintended biometric/health inference, and unsafe downstream use of results.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The skill is presented as a fixed-camera pet sleep monitor, yet the API output includes face analysis and health/organ diagnosis unrelated to that purpose. In this context, collecting or inferring extra sensitive attributes beyond the stated function is dangerous because users may submit household video believing it will only be used for sleep assessment, while the service appears capable of broader biometric or pseudo-medical profiling.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The API accepts arbitrary uploaded videos or public video URLs via a generic common-analysis endpoint rather than a constrained pet rest-area workflow. This broad input model increases the chance of misuse, accidental submission of unrelated or sensitive recordings, and repurposing of the skill for general video analysis outside its stated pet sleep context.

Description-Behavior Mismatch

Medium
Confidence
87% confidence
Finding
The skill manifest describes sleep-quality analysis, but this API wrapper also exposes CRUD-style record-management functions (`add`, `edit`, `delete`, `page`, `list`) that can modify or remove camera-associated records. This expands the skill's effective capability beyond its declared purpose, increasing the risk of unauthorized data manipulation or destructive actions if the surrounding agent or callers can invoke these methods.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
This file exposes a generic API wrapper with broad CRUD-style and arbitrary URL-based HTTP methods that are not constrained to the skill’s stated pet sleep-analysis purpose. In an agent/skill context, this creates an unnecessary capability surface that could be reused to contact unintended endpoints, move data off-platform, or perform actions outside the declared function, making it a real security and scope-expansion issue.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The http_post/http_put/http_get/http_delete methods accept caller-supplied URLs and forward requests directly, enabling arbitrary outbound network access. For a skill whose description is limited to analyzing pet sleep from camera data, this capability is unjustified and increases the risk of data exfiltration, command-and-control style communications, or misuse against internal or external services.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The file implements generic user-account persistence, including user identifiers and account-related records, despite the skill being described as pet sleep-quality analysis from camera data. This capability expansion increases the attack surface and creates a hidden data-collection path unrelated to the stated function, which is especially concerning in a monitoring-oriented skill.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The User model stores authentication-style tokens, open tokens, email, birthday, and other profile data that are unrelated to sleep-quality scoring. Persisting these sensitive fields in a local SQLite database without visible justification or safeguards can expose credentials and personal data if the host or database file is accessed.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
This utility layer performs broad authenticated HTTP operations, token handling, tenant/user injection, retry logic, and account-state management that are not justified by a pet sleep-quality video-analysis skill. Such over-scoped network capabilities increase the attack surface and enable unintended data exfiltration, remote actioning, or platform-account abuse if any caller can influence URLs, payloads, or identity context.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The code can automatically create or log into remote accounts using a username/mobile identifier via `/sys/phoneLogin` with `register=1` and `silent=1`. For a pet sleep-analysis skill, silent account lifecycle actions are unrelated to the stated functionality and could create unauthorized accounts, tie user identifiers to backend services, or trigger account misuse without informed user approval.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The default trigger is broad enough that the skill may auto-activate for general pet video analysis requests, causing unintended file handling, identifier prompts, or remote API use. Over-broad activation increases the risk of processing sensitive media without sufficiently specific user intent or informed consent.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill instructs automatic saving of uploaded attachments/videos to local storage without a clear warning, retention policy, or user consent. Local persistence of private home-camera footage increases exposure risk through later reuse, unintended access, or residual sensitive data on disk.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill omits a clear privacy notice that uploaded videos and open-id values are sent to remote services for analysis/report retrieval. Because the content involves home or clinical pet-camera footage plus persistent user identifiers, undisclosed transmission materially increases privacy, surveillance, and data-linkage risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation instructs users to upload videos or provide public video URLs but provides no warning about privacy, retention, transmission, or third-party processing implications. Because the skill concerns fixed-camera monitoring in homes, hospitals, or boarding facilities, the omission is more dangerous than usual: submitted footage may contain pets, owners, staff, living spaces, and other sensitive environmental data.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The code reads arbitrary local video files into memory and transmits them to a remote analysis service, but there is no visible user-facing consent, disclosure, or confirmation step in this code path. Because this skill processes pet monitoring footage from homes, hospitals, or boarding environments, the uploaded content may contain sensitive environmental or incidental personal data, making silent transmission a meaningful privacy risk.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The DAO automatically creates a SQLite database file on initialization, causing persistent local storage as a side effect without any evident disclosure or consent mechanism. In the context of a pet monitoring skill, silent persistence can lead to unnoticed retention of personal or account-related metadata and complicates user expectations around privacy.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The code runs a schema-altering ALTER TABLE statement automatically during object initialization, modifying persisted state without operator approval or migration controls. Automatic DDL changes can create integrity issues, surprise administrators, and worsen privacy risk when combined with undocumented local storage of user data.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The function transmits user-linked identifiers such as `openId`, `mobile`, and source metadata to a remote health endpoint in an automatic login/registration path, with no visible disclosure or consent controls in this code. In the context of a pet-camera sleep-analysis skill, this is a data minimization and transparency failure that exposes personal data beyond the expected purpose.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The code persists authentication tokens and user information through DAO save/update operations without any local warning, transparency, or visible protection controls in this file. Persisting tokens enlarges the blast radius of compromise, especially in a skill whose advertised purpose is video-based pet sleep scoring rather than account management.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal