Security audit

Face Reading Cn

Security checks across malware telemetry and agentic risk

Overview

This face-reading skill is not malware, but it needs review because it encourages covert analysis of other people and handles face images without clear consent and privacy boundaries.

Install only if you are comfortable with entertainment-only face reading and can keep use consensual. Do not use it on other people’s photos or faces without permission, avoid public image URLs for private faces, do not rely on its health, personality, fortune, or mental-health claims, and review or remove the social-guide content before using it in real interactions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (33)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
]
    
    try:
        result = subprocess.run(
            cmd,
            capture_output=True,
            text=True,
Confidence
87% confidence
Finding
result = subprocess.run( cmd, capture_output=True, text=True, timeout=60 )

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill advertises executable commands using shell and file-access patterns but does not declare permissions, creating a mismatch between stated trust boundaries and actual capability. This can lead to unexpected local command execution or file operations if the platform relies on declared permissions for review, sandboxing, or user awareness.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
This section explicitly teaches users how to observe and analyze others '不露痕迹' (without being noticed), which crosses from entertainment into covert social manipulation. Hiding the analysis removes meaningful consent and can facilitate profiling, manipulation, or harassment under the guise of face-reading.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The guide teaches cold reading and Barnum-effect tactics specifically designed to make vague claims feel personally accurate, even when unsupported. This is deceptive by design and materially increases the risk that users will manipulate trust, mislead others, or present pseudoscientific judgments as insight.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The file states its purpose as helping users analyze others inconspicuously to become better at social influence, which exceeds a face-reading or psychology analysis skill. That scope expansion makes the skill more dangerous because it shifts from interpretation into operational guidance for covert interpersonal exploitation.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The document states photos are processed locally and not uploaded, but elsewhere proposes community case submission, photo labeling, and analytics features that imply collection or sharing of face data. That contradiction is dangerous because facial images are sensitive biometric data, and users could be misled into consenting under false privacy assumptions.

Context-Inappropriate Capability

Medium
Confidence
80% confidence
Finding
This skill invokes a separate local skill (`vita`) to analyze user-supplied images, which creates an implicit capability chain not visible from this file alone. That broadens access and risk because the downstream skill may have additional permissions or unsafe handling, while users interacting with a face-reading skill would not reasonably expect cross-skill execution.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The file gives mood- and anxiety-related self-guided psychological suggestion routines such as prompts for low mood and anxiety, but it does not clearly warn users that these techniques are not a substitute for professional mental-health evaluation or crisis support. In a skill that already frames facial features as psychologically meaningful, vulnerable users may over-rely on the content, delay care, or internalize misleading beliefs about emotional distress.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger set is broad enough to match ordinary conversation, increasing the chance of unintended invocation. Because this skill performs sensitive pseudoscientific face/personality analysis and can prompt image-based workflows, accidental activation can expose users to privacy risks and unrequested profiling.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The additional ambiguous triggers include broad psychology and self-help terms that may activate in unrelated chats. In this skill, misfires are more concerning because the outputs infer personality, emotion, and appearance-based traits, which can be intrusive or harmful when unsolicited.

Missing User Warnings

High
Confidence
95% confidence
Finding
The skill promotes uploading face photos for AI analysis and later states images must be publicly accessible and are processed via an external cloud vision service, but it does not present a clear upfront privacy warning. Face images are highly sensitive biometric data, and sharing public URLs with third-party processors can expose identity, consent, retention, and secondary-use risks.

Missing User Warnings

High
Confidence
97% confidence
Finding
The image-analysis instructions tell users to upload face photos and analyze 'this person' without an explicit warning about consent, third-party privacy, or analyzing other people's images. That omission normalizes biometric profiling of non-consenting individuals and increases the chance of privacy abuse or policy violations.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Encouraging covert observation of facial attributes without consent raises privacy and dignity concerns, especially because facial features can be sensitive personal data and the guidance normalizes hidden collection. The absence of warnings about consent, harassment, or misuse makes the behavior more likely to be adopted irresponsibly.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
Inviting users to submit photos for analysis without any handling rules for images or biometric-like facial data creates unnecessary privacy risk. Users may share identifiable photos without understanding retention, sharing, consent, or downstream misuse implications.

Missing User Warnings

High
Confidence
98% confidence
Finding
The practice exercise tells users to observe strangers' faces daily without being noticed, effectively operationalizing privacy-invasive profiling. Repetition as training normalizes surveillance-like behavior and increases the chance of real-world harassment, stalking-like conduct, or collection of sensitive impressions without consent.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The plan explicitly includes AI face analysis and user case submissions, which implies collection and processing of highly sensitive biometric and personal data, but it does not mention consent, retention limits, storage protections, anonymization, or deletion workflows. In this skill context, the risk is elevated because face images and self-submitted cases can expose identity, health inferences, and psychological profiling, creating meaningful privacy and misuse concerns if implemented as written.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The planned web UI allows users to upload face photos for automated analysis without a clear warning that the input is sensitive biometric data. In this skill context, face images are not just media uploads but are used for identity-adjacent biometric inference, which raises privacy, consent, and regulatory risk if users are not clearly informed before use.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The report-generation feature derives personality, MBTI-like traits, and fortune predictions from a user's face photo without disclosing that these are sensitive and potentially misleading inferences. This is especially risky because the skill combines biometric input with psychological and predictive profiling, which can cause user harm, overreliance, and noncompliant handling of inferred sensitive data.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script processes face images, extracts detailed facial landmarks, infers personal traits, and can save the results to a JSON report, but it does not present any meaningful upfront consent, privacy warning, retention guidance, or safeguards around biometric data handling. Even though the script says the output is for entertainment, facial images and landmarks are sensitive personal data, and silent processing/storage increases privacy, compliance, and misuse risk.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The function forwards a user-provided external image URL to another component for retrieval/processing without any user-facing warning or consent boundary. Because face images are highly sensitive personal data, silently transmitting the URL to another skill increases privacy and data-handling risk, especially if the downstream tool fetches remote content or logs inputs.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script performs personality and psychological inference from facial features and complexion, then presents specific MBTI types, emotional states, and self-guidance content as actionable analysis. Although the header says '娱乐参考' (for entertainment reference), that is not a sufficiently prominent, repeated, user-facing limitation warning for safety-sensitive psychological claims, especially where outputs can influence self-perception or decisions about mental health.

Ssd 4

Medium
Confidence
92% confidence
Finding
This dialogue flow teaches users to open with flattering claims, elicit agreement, and then deepen personal inference, which is a classic trust-building manipulation pattern. In the context of pseudoscientific face reading, it can be used to lower skepticism and extract or shape personal disclosures under false authority.

Ssd 4

Medium
Confidence
95% confidence
Finding
The covert-observation advice encourages users to hide that they are analyzing another person before making inferences about personality or life outcomes. This concealment increases the manipulative character of the interaction and deprives the subject of the opportunity to object or disengage.

Ssd 4

Medium
Confidence
97% confidence
Finding
Practice tasks that repeatedly train users to analyze strangers without notice provide operational instruction for covert profiling. Even if framed as self-improvement, the exercise meaningfully increases capability for manipulative or invasive social behavior.

Overly Broad Trigger

Low
Category
Trigger Abuse
Confidence
83% confidence
Finding
The trigger '面相' (face reading) is extremely short and likely to appear in ordinary discussion, making accidental activation likely. Because the skill can steer users into sensitive appearance-based profiling and photo analysis, even low-friction misfires have meaningful safety implications.

VirusTotal

65/65 vendors flagged this skill as clean.