Back to skill

Security audit

Child Focus / Distraction Period Analysis | 儿童专注度与走神时段分析

Security checks across malware telemetry and agentic risk

Overview

The skill appears to perform the advertised child focus video analysis, but it also sends sensitive child media and identifiers to cloud services while silently creating and storing local account tokens.

Install only if you are comfortable with child study videos or URLs being processed by the vendor's cloud service and with the skill silently creating or reusing a local identity, logging in to the service, and caching tokens in a workspace SQLite database. Prefer a version that asks for explicit consent before uploads, documents retention/deletion, and provides a way to inspect and remove stored identity data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • YARA SignaturesMalware Match, Webshell Match, Cryptominer Match
Findings (21)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill advertises no explicit permissions while its documented workflow invokes local scripts, reads and writes files, uses shell execution, accesses environment-backed identity state, and communicates with remote services. This hidden capability expansion is dangerous because it prevents informed consent and allows sensitive child video/report data and local identity artifacts to be processed or transmitted without clear disclosure.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The documented purpose is narrow child-focus analysis, but the behavior expands into hidden account creation/login, token acquisition, local identity persistence, backend history retrieval, and unrelated parameterization. In the context of monitoring children, this is especially dangerous because it obscures cloud processing and user/account linkage of highly sensitive minors' video-derived reports.

Description-Behavior Mismatch

Medium
Confidence
85% confidence
Finding
The documentation broadens the skill from on-device or real-time analysis into cloud-hosted historical report lookup and report-link retrieval without making that expansion prominent in the primary description. This increases privacy and security risk by normalizing secondary access to stored child behavioral data and report URLs that may be shared or exposed beyond the immediate analysis session.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The skill accepts arbitrary http/https video URLs and forwards them to the backend for analysis, which expands data ingestion beyond the stated local camera/study-area use case. In a child-monitoring context, this can enable analysis of unrelated third-party or externally hosted video, increasing privacy, policy, and misuse risk without any apparent origin restrictions or consent checks.

Description-Behavior Mismatch

Medium
Confidence
84% confidence
Finding
The implementation exposes broader capabilities than the child-focus-monitoring description suggests: it accepts arbitrary remote video URLs and can list prior analyses by open_id. In a surveillance-oriented skill handling children's video, this scope mismatch is dangerous because it can enable unauthorized processing of unrelated videos or retrieval of historical analysis data if identity and authorization controls are weak elsewhere.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The file defines and persists a local sys_user identity store even though the declared skill purpose is child focus analysis from video. This capability expansion increases privacy and attack surface by collecting user records and related state unrelated to the manifest, especially concerning in a child-monitoring context where unnecessary personal data handling should be minimized.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The User model stores identity attributes and authentication-like secrets such as token and open_token without justification from the child focus analysis use case. In a skill processing children's study behavior, collecting and retaining extra identifiers and tokens materially elevates privacy and credential exposure risk if the local database is accessed, copied, or misused.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The utility layer performs remote account provisioning, token acquisition, and persistent token/user caching that are not justified by the declared child-focus video analysis function. This creates hidden identity management and outbound data flows, increasing privacy and supply-chain risk, especially in a skill involving children.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The code silently calls a remote login/registration endpoint and can auto-create user identities for callers using generated or reused identifiers. For a child study-monitoring skill, this is unrelated functionality that can enroll users in external services without informed consent and transmit identifiers off-device.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The code reads API-key-related identity material from workspace files, falls back to local database records, and generates persistent default identities. This introduces covert user tracking/persistence unrelated to the manifest’s stated analysis task and is particularly sensitive in a child-monitoring context.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The default trigger is overly broad and can auto-invoke analysis whenever a child study-area video is provided, increasing the chance that sensitive footage is processed without clear, contextual confirmation. Because the content concerns minors and surveillance-like monitoring, accidental or silent activation is more dangerous than in ordinary media analysis skills.

Missing User Warnings

High
Confidence
95% confidence
Finding
The skill description does not clearly warn users that sensitive child video and derived focus reports may be transmitted to and stored in the cloud, despite later documentation indicating backend APIs and historical report retrieval. This is dangerous because users may share minors' biometric and behavioral data without informed consent or understanding of retention and exposure risks.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The skill reads arbitrary local file contents into memory and uploads them for analysis, but this code shows no user-facing disclosure, confirmation, or minimization controls around sensitive media transfer. Given the child-focused surveillance context, silently uploading local video raises significant privacy concerns and increases the chance of unintentionally transmitting sensitive footage.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The code reads an internal identity value from a workspace file without any visible user notification or consent path. Hidden retrieval of identity material can enable silent linkage of activity and subsequent remote authentication flows.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The code persists a generated default user record to local storage automatically, creating durable identifiers without an explicit user warning. This enables silent tracking and can bootstrap later remote account creation or token issuance.

Missing User Warnings

High
Confidence
99% confidence
Finding
The code automatically transmits identity data to a remote login endpoint without explicit disclosure. Because the overall skill monitors children, undisclosed outbound transfer of identifiers materially raises privacy, compliance, and trust risks.

Missing User Warnings

High
Confidence
97% confidence
Finding
Remote tokens and user information are cached to local storage automatically, which increases the blast radius of local compromise and creates hidden credential persistence. In a shared device or classroom/home environment, this can expose account access and user linkage beyond the intended analysis function.

Missing User Warnings

High
Confidence
96% confidence
Finding
The utility performs arbitrary outbound HTTP requests while automatically attaching user, tenant, and token-related identifiers. This broad exfiltration surface is not constrained to the manifest’s declared purpose and is more dangerous given the child-focused monitoring context.

External Transmission

Medium
Category
Data Exfiltration
Content
"source": ConstantEnum.DEFAULT__SKILL_HUB_NAME
            }
            try:
                _response = requests.post(_url, json=_data)
                if _response.status_code == 200:
                    _response_json = _response.json()
                    if _response_json and _response_json.get("success"):
Confidence
97% confidence
Finding
requests.post(_url, json=

Hidden Instructions

High
Category
Prompt Injection
Content
|---|---|
| 📚 文档读取 | 仅在需要时读取参考文档,保持上下文简洁 |
| 📁 格式支持 | 输入要求:支持 mp4/avi/mov 视频,最大 10MB;建议正对面部 + 学习区域 |
| 🧑‍⚖️ 结果性质 | 专注度评分仅作为学习行为辅助参考,本工具不替代家长/教师的实际观察与教育判断 |
| 🔏 隐私合规 | 隐私合规:儿童学习场景视频涉及未成年人隐私,使用前需取得监护人知情同意,并妥善保管/加密相关录像 |
| 🚫 脚本限制 | 禁止临时生成脚本,只能用技能本身的脚本 |
| 🌐 网络地址 | 传入的网络地址参数,不需要下载本地,默认地址都是公网地址,api 服务会自动下载 |
Confidence
88% confidence
Finding

YARA rule 'agent_skill_mcp_tool_poisoning_metadata': MCP/tool metadata poisoning indicators in tool schemas or skill manifests [agent_skills]

High
Category
YARA Match
Content
---
name: "smyx-child-focus-analysis-analysis"
description: "Using the camera built into a smart desk lamp or a tabletop camera, the system analyzes video of the child's study area in real time, detecting behavioral indicators such as face orientation (whether it deviates from the book/screen), eye gaze direction, and fidgeting hand actions (playing with a pen, touching the face, fiddling with objects), and computes a per-minute focus score (0-100) while recording distraction periods. The skill helps parents and teachers understand the child's learning state and optimize study habits. Application scenarios: smart study lamps, home study rooms, classrooms. The system monitors in real time, generates focus reports, and pushes alerts when focus stays persistently low. Skill features: improve learning efficiency. | 通过智能台灯内置摄像头或桌面摄像头,实时分析儿童学习区域的视频,检测面部朝向(是否偏离书本/屏幕)、眼部注视方向、手部小动作(玩笔、摸脸、摆弄物品)等行为指标,计算每分钟专注得分(0-100分),并记录走神时段。该技能可帮助家长和教师了解儿童学习状态,优化学习习惯。应用场景:智能学习台灯、家庭书房、教室。系统实时监测,生成专注度报告,当专注度持续偏低时推送提醒。技能特点:提升学习效率。"
version: "1.0.7"
license: "MIT-0"
---
Confidence
90% confidence
Finding
description:; ‍

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

Detected: suspicious.install_untrusted_source

Install source points to URL shortener or raw IP.

Warn
Code
suspicious.install_untrusted_source
Location
skills/smyx_common/scripts/config-dev.yaml:2