Back to skill

Security audit

Elderly Facial Asymmetry / Mouth-Corner Deviation Detection | 老年人面部不对称/口角歪斜识别

Security checks across malware telemetry and agentic risk

Overview

This skill performs the advertised facial analysis, but it also sends sensitive facial-health data to a cloud service while silently creating and persisting an identity and tokens.

Review carefully before installing. Use it only if you are comfortable sending elderly facial images/videos and related report history to the configured cloud service, and verify how identities, report links, local SQLite tokens, and uploaded media are retained or deleted. Obtain explicit consent from the person being monitored or their guardian.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (27)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
if filters:
                for key, value in filters.items():
                    query = query.filter(getattr(self.__model__, key) == value)

            if offset:
                query = query.offset(offset)
Confidence
79% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
if filters:
                for key, value in filters.items():
                    query = query.filter(getattr(self.__model__, key) == value)

            return query.scalar()
        finally:
Confidence
79% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill declares no permissions while its documented behavior requires shell execution, network access, local file read/write, and likely environment access. This under-declaration prevents reviewers and users from understanding the real trust boundary and increases the chance that sensitive face images, tokens, or local data are handled without informed consent.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The skill claims local AI facial-landmark analysis, but the documented behavior expands into remote media submission, cloud history retrieval, identity creation, token handling, and local SQLite persistence. This mismatch is dangerous because users may consent to a simple analysis tool while unknowingly authorizing transmission of biometric data and account bootstrapping to external services.

Description-Behavior Mismatch

Medium
Confidence
83% confidence
Finding
The documentation broadens the skill from one-time facial asymmetry analysis into cloud-based historical report retrieval and report-link output. That changes the data exposure model from transient processing to account-linked longitudinal health data access, which is materially more sensitive in a medical-monitoring context.

Description-Behavior Mismatch

Low
Confidence
80% confidence
Finding
Automatically saving uploaded images or videos to local files exceeds an analysis-only expectation and creates additional persistence of sensitive biometric data. Even if done for processing convenience, undocumented local retention increases exposure to later unauthorized access or accidental leakage.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
Automatic creation and reuse of a default local user identity introduces hidden account linkage that is unrelated to simple image analysis. In a health-monitoring skill, silently associating biometric results with a generated identity can expose sensitive medical history and make cross-session tracking possible without clear user awareness.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The skill accepts arbitrary http/https URLs as analysis input, which expands operation beyond the stated fixed-camera/home-capture workflow and allows the backend to fetch attacker-controlled remote content. In a health-analysis context involving elderly facial imagery, this broad input surface increases privacy, compliance, and server-side request risks because users may unknowingly submit third-party or externally hosted sensitive media.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The skill exposes report listing and export-link generation features that go beyond the manifest's stated single-purpose analysis behavior. In a medical-adjacent setting, enumerating prior reports or generating export URLs can expose sensitive historical results or create unintended access paths if authorization is weak elsewhere in the stack.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The CLI exposes a history-listing function for prior analyses keyed by an open ID, which is outside the user-described purpose of one-off facial asymmetry screening from a home camera. Because this skill processes sensitive health-related facial data for elderly users, any ability to enumerate or retrieve prior analyses can enable privacy leakage, unauthorized access to medical inferences, or cross-user data exposure if open ID handling is weak or predictable.

Description-Behavior Mismatch

Low
Confidence
74% confidence
Finding
Allowing arbitrary network video URLs broadens the data ingestion path beyond the declared fixed home camera scenario and can introduce server-side fetching risks, ingestion of unauthorized third-party media, or analysis of untrusted remote content. In a health-screening context involving facial imagery of elderly individuals, this mismatch increases the chance of privacy violations and misuse of the service for unintended surveillance or data processing.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
This file exposes generic add/edit/delete and arbitrary HTTP GET/POST/PUT/DELETE wrappers that are far broader than the declared purpose of elderly facial asymmetry analysis. In a skill handling sensitive health-related data, such general-purpose network primitives can enable unintended data access, remote action execution against internal APIs, or expansion of the skill into unrelated capabilities, especially if higher-level code passes user-influenced URLs or payloads.

Context-Inappropriate Capability

Medium
Confidence
81% confidence
Finding
The get_user_by_username capability is unrelated to the stated purpose of analyzing facial asymmetry for stroke screening and introduces user-account lookup functionality into a health-oriented skill. This unnecessary identity-query feature expands the data-access surface and could facilitate user enumeration or unauthorized correlation between medical data and account identities if exposed through the skill flow.

Description-Behavior Mismatch

Medium
Confidence
84% confidence
Finding
The file defines a generic user-account DAO with identity fields and token-bearing attributes that exceed the stated purpose of local facial-asymmetry screening. Scope expansion increases the data sensitivity and attack surface of the skill, especially because elderly health monitoring data combined with account data can raise privacy and misuse risks.

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
Storing authentication-style token and open_token values in a local SQLite table is risky, particularly in a consumer home-monitoring context involving elderly users. If the local database is accessed by another process, user, backup system, or compromised component, those tokens could enable account takeover or unauthorized API access.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The utility performs remote account provisioning, token acquisition, and authenticated API communication that are far outside the stated purpose of local facial asymmetry analysis. In a medical-screening context, hidden network identity management increases the risk of undisclosed data transmission, account creation, and remote service dependency without informed user consent.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The code inspects agent workspace layout and creates skills/data directories, behavior that is unrelated to the advertised medical image analysis function. While not directly exploitative, this expands the skill's filesystem reach and installation-state awareness, which increases risk if combined with other code paths or if the skill runs in a privileged agent workspace.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
This code reads identity material from a local API-key file and creates or mutates local user records to establish a persistent open-id. That identity-state management is unrelated to facial asymmetry screening and creates a hidden persistence and impersonation surface, especially problematic in a health-related skill handling elderly users.

Vague Triggers

Medium
Confidence
78% confidence
Finding
Overly broad trigger phrases can cause the skill to invoke cloud history queries when the user did not intend to access account-linked reports. In this context, unintended invocation is risky because it may fetch sensitive medical and biometric records based on ambiguous language.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill permits automatic local saving of uploaded images and videos without a prominent user-facing warning, despite handling facial biometrics of elderly users. Silent storage of this data increases privacy and security risk because users may not realize copies remain on disk after analysis.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The code silently resolves and initializes an internal user identity without clear user disclosure, which can cause analysis requests or history lookups to run under an unexpected account. In a health-related skill handling elderly facial imagery and analysis records, hidden identity binding raises privacy, auditability, and unauthorized data association risks even if no explicit authentication bypass is shown here.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The code reads local file contents or forwards a supplied video URL to the analysis service without any visible user-facing notice, confirmation, or consent mechanism in this component. Because the data consists of elderly facial images/videos used for health screening, silent transmission of biometric and health-related information presents meaningful privacy and compliance risk.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill silently reads data/smyx-api-key.txt to derive an internal identity value without any user-facing disclosure. Secret or identity material should not be consumed implicitly in a medical-screening skill because users would reasonably expect local analysis, not credential harvesting or hidden identity reuse.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The code automatically sends identity data such as openId and mobile to a remote phoneLogin endpoint with silent registration enabled, without any consent or warning. In the context of a healthcare-adjacent skill, covert registration and transmission of user identifiers materially increase privacy and compliance risk.

External Transmission

Medium
Category
Data Exfiltration
Content
"source": ConstantEnum.DEFAULT__SKILL_HUB_NAME
            }
            try:
                _response = requests.post(_url, json=_data)
                if _response.status_code == 200:
                    _response_json = _response.json()
                    if _response_json and _response_json.get("success"):
Confidence
97% confidence
Finding
requests.post(_url, json=

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.install_untrusted_source

Install source points to URL shortener or raw IP.

Warn
Code
suspicious.install_untrusted_source
Location
skills/smyx_common/scripts/config-dev.yaml:2