High-Risk Behavior Identification and Analysis Tool

Advisory

Audited by Static analysis on May 10, 2026.

Overview

Detected: suspicious.install_untrusted_source

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user asking for their own history could receive other users' sensitive risk-analysis or health-related reports if the backend does not enforce its own access controls.

Why it was flagged

The history-list method explicitly allows no open-id filter and then fetches additional pages, which can broaden access from one user's reports to all returned reports.

Skill content
        # open_id check - if open_id is empty/None, add no filter condition and return all reports
        data = {}
        if open_id:
            data["createBy"] = open_id
...
        for current_page in range(2, pages + 1):
Recommendation

Require and pass the current open-id into every report-list request, enforce server-side authorization, and avoid fetching all pages unless the user explicitly asks for a bulk export.

What this means

Private videos, images, or camera-derived health information may leave the local environment and be processed or stored by the provider.

Why it was flagged

Local media is read and uploaded to the provider API for analysis. This is expected for the stated function, but the data can include faces, homes, medical events, or camera footage.

Skill content
            with open(input_path, 'rb') as f:
                file_content = f.read()
...
            files = {
                'file': (os.path.basename(input_path), file_content, mime_type)
            }
...
        response = self.analysis(
            params=params,
            files=files
        )
Recommendation

Use only media you are authorized to share, confirm the provider endpoint and retention policy, and avoid uploading sensitive camera feeds without consent.

What this means

If the skill is configured to use the development environment, sensitive analysis traffic could be sent to an unexpected private HTTP service.

Why it was flagged

A shipped development configuration points to a private, non-HTTPS IP address. It is conditional configuration, not shown as the default install path, but it is risky if selected.

Skill content
base-url-open-api: "http://192.168.1.234:9601/smyx-open-api"
Recommendation

Remove development endpoints from the distributed skill or ensure production use is pinned to a trusted HTTPS endpoint.

What this means

A camera or stream may be monitored continuously, and alerts may be sent when risk is detected.

Why it was flagged

The skill advertises continuous real-time stream monitoring and immediate alerting. This is aligned with elder-care/safety monitoring, but it is long-running and sensitive.

Skill content
Real-time stream analysis supports continuous monitoring and triggers an alert immediately when a risk is detected
Recommendation

Run continuous monitoring only on intended, consented streams; make the stop condition clear; and keep automatic alerts disabled unless configured by the user.

Findings (1)

warn

suspicious.install_untrusted_source

Location
skills/smyx_common/scripts/config-dev.yaml:2
Finding
Install source points to URL shortener or raw IP.