Back to skill

Security audit

Driver Facial Flushing / Sweat Abnormality Detection | 驾驶员面部潮红/出汗异常检测

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly coherent for cloud driver-health video analysis, but it silently links sensitive biometric analysis to persistent identities and stored service tokens.

Install only if you are comfortable sending driver face video or video URLs to the configured lifeemergence.com cloud service and allowing the skill to create/reuse a persistent local identity with stored service tokens. Use it only with informed driver/employee consent and appropriate privacy controls for health-related reports.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (29)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
if filters:
                for key, value in filters.items():
                    query = query.filter(getattr(self.__model__, key) == value)

            if offset:
                query = query.offset(offset)
Confidence
77% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
if filters:
                for key, value in filters.items():
                    query = query.filter(getattr(self.__model__, key) == value)

            return query.scalar()
        finally:
Confidence
76% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill declares no permissions, yet its documented behavior includes shell execution, local file reads/writes, environment access, and network/API calls. This mismatch prevents informed consent and security review, and it increases the chance that an operator will invoke a capability-rich skill without realizing it can access local state and external services.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The skill presents itself as a driver-health video analysis tool, but the documented/observed behavior extends to identity creation, token provisioning, workspace/environment data access, history retrieval, and generic remote API usage unrelated to the stated purpose. Description-behavior mismatch is dangerous because it can conceal sensitive data handling and broaden the trust boundary far beyond what a user expects.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The skill exposes retrieval of prior analysis results by open_id via `show_analyze_list`, which goes beyond the stated real-time video analysis purpose and introduces access to stored user-linked health analysis data. In a driver-health context, this can expose sensitive biometric/medical inferences if open_id values are predictable, reused, or improperly authorized elsewhere in the stack.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The code initializes and uses an internal identity (`open_id`) even though the advertised function is only driver video analysis. Binding sensitive health-related analysis to an internal identifier without clear scope disclosure creates privacy and access-control risk, especially if identities are resolved implicitly and later used to fetch or store analysis history.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The skill accepts arbitrary HTTP/HTTPS URLs and forwards them to the backend analysis service, even though the declared purpose is in-cabin DMS camera analysis. This expands the trust boundary and can enable misuse of the service for analyzing untrusted third-party content, with possible privacy, policy, or backend request-abuse implications depending on how the downstream service fetches URLs.

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
The skill exposes report-history listing functionality that is unrelated to the stated real-time detection purpose, increasing data exposure beyond minimum necessary scope. If access control is weak in surrounding components, this can reveal prior analyses and sensitive health-related metadata to unauthorized users or contexts.

Context-Inappropriate Capability

Low
Confidence
73% confidence
Finding
The skill constructs export links for report images, a capability not described in the manifest, which broadens data dissemination for potentially sensitive health-analysis outputs. Even if the link is only displayed, undisclosed export functionality can enable easier sharing or unintended access to generated reports.

Context-Inappropriate Capability

Medium
Confidence
81% confidence
Finding
The history-listing capability exposes a broader data access surface than the manifest implies, and it retrieves records based on an `open_id` context rather than a clearly interactive, user-disclosed action. In a health-related driver-monitoring context, access to prior analyses can reveal sensitive biometric or behavioral data if authorization boundaries in downstream components are weak or misapplied.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
This service exposes broad generic HTTP and CRUD wrappers (`page`, `list`, `add`, `edit`, `delete`, `http_*`) that are not narrowly scoped to the stated driver health/video analysis purpose. Such overbroad network capability increases attack surface and can enable unintended data access, modification, or exfiltration if higher-level code passes attacker-controlled URLs, payloads, or uses these helpers outside the intended domain.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The file defines persistent storage and lookup logic for user identities in a skill whose stated purpose is driver flushing/sweat detection from face video. This data collection is not clearly necessary for the declared functionality, increasing privacy risk and expanding the blast radius if the local database is accessed or repurposed.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The User model stores token and open_token values alongside identity fields, which is sensitive authentication-style data unrelated to the manifest's face-video health analysis. If compromised, these fields could enable account takeover, cross-system access, or long-term tracking beyond the skill's stated purpose.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The utility code performs remote account bootstrap, token handling, and API orchestration that are unrelated to the declared in-cabin video health-analysis function. This creates hidden network-side effects, can register or reuse identities without clear consent, and broadens the attack surface by transmitting identity and token material to external services from a skill whose purpose does not justify that behavior.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The code reads workspace identity state and creates persistent default user identities even when no open-id is provided. For a camera-analysis skill, silently binding execution to a stored or auto-generated identity is unnecessary and risky because it enables tracking, persistence, and remote actions under an identity the user may not know exists.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The default trigger activates on broadly described driver-face video inputs, which can cause the skill to run in situations where the user did not specifically request health analysis. Unintended invocation matters here because the skill processes biometric/health-adjacent video and may transmit data to external services.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The historical report query triggers include broad phrases that may match ordinary reporting requests and automatically initiate cloud history retrieval. In a biometric and health-monitoring context, accidental access to historical reports can expose sensitive personal data and fleet-wide monitoring records.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The API documentation explicitly lists `fleet_upload` and `event_record` as recommended actions for health-related driver monitoring events, but provides no notice about privacy implications, consent requirements, retention, or data handling constraints. In a driver-facing health surveillance context, this omission can lead implementers to upload or persist sensitive biometric/health inference data without appropriate safeguards, increasing privacy, compliance, and misuse risk.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script silently resolves the current open_id without showing the user that an internal identity is being derived or used. In a health-monitoring workflow, silent identity association increases privacy risk because users may unknowingly create persistent, user-linked records of medical or biometric inferences.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The tool accepts either a local video path or remote URL for analysis but does not warn users that the video may be transmitted to external services for processing. Because the content is in-cabin facial video used to infer health state, undisclosed transmission can expose highly sensitive biometric and medical data and may violate user expectations or policy requirements.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The code reads local video files and sends their contents to the analysis service without any user-facing notice at this layer. Because these files may contain biometric and health-related imagery, silent transmission creates a meaningful privacy and consent risk, especially in a driver-monitoring context.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill forwards user-supplied remote URLs to the analysis backend without informing the user that the URL will be submitted externally. In this health-video context, that can expose private resource locations or sensitive media to third-party processing without meaningful consent or transparency.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
A hidden `--open-id` parameter is accepted and resolved without user-facing disclosure, which obscures the use of a sensitive identifier and can enable silent account-context selection. In a system handling health-adjacent analysis results, hidden identity selectors increase the risk of unauthorized data access, cross-user confusion, and privacy violations if callers can influence the parameter or surrounding environment.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The function reads an internal identity/API-key file from the workspace without any user-facing disclosure in a skill that is supposed to analyze driver video. Silent consumption of local identity material can cause unauthorized account association, unintended data linkage, or use of credentials the operator did not expect this skill to access.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The code automatically creates agent data/skills directories, supporting persistence without clear disclosure. In context, this is more concerning because the skill's advertised purpose is real-time driver-state analysis, not local state management or installation-time persistence, so filesystem side effects are unexpected.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

Detected: suspicious.install_untrusted_source

Install source points to URL shortener or raw IP.

Warn
Code
suspicious.install_untrusted_source
Location
skills/smyx_common/scripts/config-dev.yaml:2