Back to skill

Security audit

Elderly Loneliness Detection & Warm Companionship | 独居老人孤独情绪识别与温暖陪伴

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly coherent with its elder-care video-analysis purpose, but it handles very sensitive private-room video through cloud services while silently creating or reusing account identity and storing tokens locally.

Install only if the monitored elder and family explicitly consent to cloud processing of private video or audio, cloud report history, automatic identity association, and local token storage. Review the LifeEmergence service trust model, retention practices, and who can access historical reports before using it in a home or care facility.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (19)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill advertises capabilities that include shell execution, network access, file read/write, and environment access, yet declares no explicit permissions or user-facing warning. In a skill that handles highly sensitive in-home elder surveillance and cloud report access, this creates a dangerous mismatch that can hide powerful data access and exfiltration behavior from users and reviewers.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The CLI exposes account-scoped history listing via `--list` and `open_id` handling even though the stated purpose is single-video loneliness analysis. In a highly sensitive elder-care surveillance context, mixing behavioral analysis with identity-linked history retrieval increases the risk of unauthorized access to private mental-health-adjacent records, especially because the identity mechanism is not clearly disclosed to the user.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The script performs hidden identity resolution and then uses that identity for account-scoped history access without clear user-facing disclosure or demonstrated necessity for the advertised function. Because the data concerns elderly persons in private living spaces and inferred loneliness-related behaviors, undisclosed identity binding materially raises privacy and surveillance risk.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The skill accepts arbitrary HTTP/HTTPS video URLs even though the manifest describes analysis of fixed-camera footage from a private home or nursing-home room. This expands the trust boundary to attacker-controlled remote resources, creating SSRF-style exposure, untrusted content ingestion, and the possibility of analyzing unrelated third-party surveillance feeds or sensitive private media without adequate validation.

Context-Inappropriate Capability

Low
Confidence
84% confidence
Finding
The report-listing function exposes analysis history retrieval beyond the stated single-purpose behavior-detection workflow. In a healthcare-like context involving elderly persons in private rooms, listing prior reports can reveal sensitive behavioral assessments and metadata if authorization is weak or callers are over-permitted.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The CLI accepts arbitrary remote URLs for video input even though the skill is described as analyzing footage from a fixed in-home or nursing-home camera. Allowing unrestricted network-supplied media expands the trust boundary and can enable server-side fetching of attacker-controlled resources, including internal endpoints or sensitive network locations if downstream components retrieve the URL. In this elderly/private-room surveillance context, the mismatch is more dangerous because the skill processes highly sensitive behavioral data and the broadened input surface is not justified by the stated purpose.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The script exposes historical analysis retrieval by open ID via `show_analyze_list(open_id)` and a hidden `--open-id` parameter, creating an account-scoped lookup capability unrelated to simple video analysis. If authorization is weak in the underlying service, this can enable enumeration or access to another person's history of loneliness-related analyses, which is especially sensitive given the private-home and nursing-room monitoring use case. The hidden/internal nature of the parameter increases concern because it reduces transparency while preserving access functionality.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
This service exposes generic add/edit/delete and arbitrary http_get/http_post/http_put/http_delete wrappers that are not constrained to the stated purpose of analyzing loneliness-related video behavior. In a skill intended for sensitive in-home elderly monitoring, broad network and CRUD primitives increase the attack surface for unauthorized data access, exfiltration, or use of the skill as a general-purpose proxy if higher-level callers can influence URLs or request payloads.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
This utility code provisions accounts, obtains tokens from external APIs, and persists identity/token material locally, which is unrelated to the declared elderly video-behavior analysis purpose. In context, this expands the skill from analysis into undisclosed account lifecycle and credential handling, creating privacy, consent, and token exposure risks if the workspace or downstream services are compromised.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The code inspects workspace environment state and local filesystem layout to derive agent/workspace context, which is broader access than expected for a video-analysis-only skill. In this privacy-sensitive elderly monitoring context, hidden workspace introspection increases concern because it can facilitate access to unrelated local data and operational secrets.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The manifest describes an analysis-only skill, but this code performs generic outbound HTTP requests, injects identity and platform metadata, retries authorization, and even handles billing/account-balance flows. That mismatch is dangerous because users and operators may not expect network transmission, account linkage, or payment-related behavior from a local video-behavior analysis tool.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The default trigger is broad enough to auto-activate on generic elderly-home camera analysis requests, without a clear confirmation step or narrow scope check. Because this skill processes intimate surveillance footage and may initiate downstream actions, over-triggering can cause unexpected privacy-invasive analysis or accidental use in contexts the user did not intend.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The history-report query auto-trigger relies on broad natural-language phrases and then mandates direct cloud API access. In a context involving sensitive behavioral reports about elderly people, ambiguous triggering can expose private historical data when a user intended only a general question or summary.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill handles continuous private-room video, optional audio, cloud history queries, behavioral profiling, and automatic interventions, but does not present a prominent warning or consent-focused disclosure near the primary description. Users may not understand that intimate surveillance data is being analyzed and used to trigger notifications or playback actions affecting the monitored person and family.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
`OpenIdUtil.resolve_current_open_id(args.open_id, use_current=bool(args.open_id))` initializes or resolves user identity behind the scenes, while the related argument is suppressed from help output. Hidden identity handling is dangerous because it can tie sensitive video-analysis activity and report history to an internal account without transparent notice, enabling covert tracking or unintended data exposure.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The code reads arbitrary local file contents into memory and submits them for analysis without any visible consent, warning, or destination disclosure in this component. Because the skill handles intimate in-home/nursing-room elderly video, silent transmission of local footage materially increases privacy and compliance risk and can lead to unauthorized disclosure of highly sensitive personal data.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The function reads an internal identity value from a workspace file (data/smyx-api-key.txt) without any visible user-facing disclosure or confirmation. In a skill processing sensitive in-home elderly video context, silently pulling local identity material is a significant transparency and privacy issue and may cause unintended account correlation.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The request path automatically transmits user identity data such as openId/mobile/username and related platform fields in outbound requests without an explicit user warning in this code path. Given the declared purpose is loneliness-related video analysis for elderly individuals, undisclosed identity transmission materially increases privacy risk and may violate data minimization expectations.

External Transmission

Medium
Category
Data Exfiltration
Content
"source": ConstantEnum.DEFAULT__SKILL_HUB_NAME
            }
            try:
                _response = requests.post(_url, json=_data)
                if _response.status_code == 200:
                    _response_json = _response.json()
                    if _response_json and _response_json.get("success"):
Confidence
95% confidence
Finding
requests.post(_url, json=

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.install_untrusted_source

Install source points to URL shortener or raw IP.

Warn
Code
suspicious.install_untrusted_source
Location
skills/smyx_common/scripts/config-dev.yaml:2