Back to skill

Security audit

Family / Couple Conflict Intensity Detection | 夫妻/家庭争吵强度识别

Security checks across malware telemetry and agentic risk

Overview

This skill is for a sensitive in-home conflict-monitoring use case and its code can upload audio/video, create or reuse account identity, persist tokens, and query cloud reports with under-disclosed controls.

Review this before installing. It may send household audio/video or video URLs to external LifeEmergence services, create or bind an account automatically, store local identity/token data, and retrieve prior conflict reports. Use only with explicit consent from affected household members and only if cloud processing and account-linked history are acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (27)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
if filters:
                for key, value in filters.items():
                    query = query.filter(getattr(self.__model__, key) == value)

            if offset:
                query = query.offset(offset)
Confidence
73% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
if filters:
                for key, value in filters.items():
                    query = query.filter(getattr(self.__model__, key) == value)

            return query.scalar()
        finally:
Confidence
72% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill declares no permissions while its documented behavior requires shell execution, local file handling, environment access, and network communication. This creates a transparency and governance gap: reviewers and users cannot accurately assess what the skill can do, which is especially risky for a skill handling highly sensitive household audio/video.

Tp4

High
Category
MCP Tool Poisoning
Confidence
98% confidence
Finding
The documented purpose describes local real-time conflict-intensity analysis, but the behavior apparently includes remote history queries, identity resolution/creation, token management, and backend upload/submission of media. This mismatch can mislead users into providing sensitive family audio/video under false assumptions about on-device processing, data flow, and feature scope.

Description-Behavior Mismatch

Medium
Confidence
87% confidence
Finding
The skill documentation expands scope from conflict analysis into cloud history-report querying and report-link retrieval, which introduces additional access to potentially sensitive prior household incident records. Undeclared secondary data access increases privacy risk and can expose users to broader surveillance or unauthorized record enumeration if controls are weak.

Description-Behavior Mismatch

Low
Confidence
82% confidence
Finding
Automatic local saving of uploaded media is an undeclared data-handling behavior. For highly sensitive family conflict recordings, undisclosed local persistence increases the chance of accidental retention, leakage, or later unauthorized access on the host system.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The documentation says original audio must not be uploaded to external services, yet other parts describe URL/API-based remote processing of uploaded media. This contradiction is dangerous because users may believe intimate household audio stays local when it may actually be transmitted to a backend, creating serious privacy and compliance risk.

Description-Behavior Mismatch

Medium
Confidence
87% confidence
Finding
The documented history query and full report export endpoints materially expand the skill beyond the stated real-time detection and app reminder scope into retrospective surveillance and bulk report access. In a family-conflict monitoring context, those capabilities increase the risk of privacy abuse, coercive monitoring, and unauthorized access to highly sensitive household behavioral records if authorization, retention, and consent controls are weak or absent.

Intent-Code Divergence

Medium
Confidence
81% confidence
Finding
The document asserts that raw voice is not uploaded and long-term raw audio/video storage is prohibited, yet the API architecture describes server-side analysis/result retrieval without explaining where inference occurs or how raw media is prevented from reaching or persisting on the backend. In this context, that gap is dangerous because the system processes intimate in-home audio/video, so undocumented data flows can lead to covert collection, retention, or exposure of sensitive family interactions.

Description-Behavior Mismatch

Low
Confidence
75% confidence
Finding
The script exposes retrieval of analysis history by open_id through `show_analyze_list`, which goes beyond the manifest's stated detection function and introduces access to potentially sensitive household-conflict analysis records. In a family-conflict monitoring context, such records are highly privacy-sensitive, and undocumented listing functionality increases the risk of unauthorized data exposure or misuse if identity binding and authorization are weak elsewhere in the stack.

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
The script initializes an internal user identity and uses that identity to access analysis listings, without clear necessity for the stated local conflict-intensity detection purpose. In this context, tying sensitive audio/video-derived family-conflict results to a persistent identity raises privacy and access-control concerns, especially because household conflict data can reveal intimate behavioral patterns and domestic safety issues.

Description-Behavior Mismatch

Medium
Confidence
85% confidence
Finding
The skill exposes report export-link generation and report listing behavior beyond the manifest’s stated conflict-intensity analysis and alerting scope. This scope mismatch is security-relevant because it can enable access to historical analysis artifacts and report URLs that users or reviewers would not expect from the declared functionality, increasing privacy and data exposure risk.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The code accepts arbitrary remote video URLs even though the skill is described as operating on a fixed living-room camera feed. Allowing URL-based ingestion broadens the trust boundary and can be abused to analyze unintended third-party content or trigger backend fetching of attacker-controlled URLs, creating privacy and potential SSRF-style risks depending on the downstream service.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The script exposes a history-listing capability via `--list` and `open_id` resolution that goes beyond the manifest’s stated real-time conflict-intensity detection function. In a family-conflict monitoring context, historical analysis results are highly sensitive behavioral data, so exposing retrieval by account/context identifier expands access to private surveillance-derived records and increases the risk of unauthorized disclosure or misuse.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The skill accepts arbitrary remote video URLs even though the described product scope is a fixed living-room camera performing real-time analysis. This broadens the data ingestion surface to analyze external or third-party footage, enabling out-of-scope surveillance use and potentially causing the backend to fetch attacker-controlled URLs or process unintended sensitive content.

Context-Inappropriate Capability

Medium
Confidence
84% confidence
Finding
The import and later use of OpenID-based context resolution introduces account-scoped identity handling in a skill that is described as simple media analysis. In this context, identity linkage is especially sensitive because the outputs concern domestic conflict intensity, so unnecessary identity binding increases privacy risk and creates a path for cross-user data access if identifiers are mishandled.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
This utility provisions, resolves, and persists user identity state and tokens even though the declared skill is for family-conflict intensity analysis. That creates unnecessary identity handling and silent account linkage behavior, expanding the privacy and security footprint beyond the skill's stated purpose.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The code silently performs remote login/registration against an external health API using locally derived usernames/open IDs. For a living-room audio/video conflict-analysis skill, this is out of scope and dangerous because it can create or bind remote accounts and transmit identity data without clear user awareness.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The general request wrapper automatically injects user/account metadata, tenant values, skill hub identifiers, and payment-flow behavior into outbound requests. This significantly exceeds the described analytics-only purpose and increases the chance of covert data sharing, account correlation, and unexpected monetization behavior.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The function reads the entire local video file and uploads it to an analysis service without any visible consent prompt, disclosure, minimization, or redaction controls in this code path. Because the skill processes highly sensitive in-home audio/video relating to family conflict, undisclosed transmission can expose intimate personal data and create substantial privacy and compliance risk.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
When debug mode is enabled, HTTPConnection and urllib3 debugging are turned on globally, which can expose full request/response contents in logs. In this skill context, logs may contain sensitive household-monitoring metadata, identifiers, and auth tokens from related request helpers.

Missing User Warnings

Low
Confidence
90% confidence
Finding
Reading an internal identity value from a local key file without explicit disclosure broadens credential-like access in a skill that is supposed to analyze conflict intensity. Even if it is only an internal identifier, it can silently bind user activity to an existing account context.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The helper performs an outbound login/registration request automatically and without an explicit user-facing warning. In a surveillance-adjacent household monitoring skill, undisclosed outbound identity traffic is especially sensitive because users may reasonably expect local-only analysis or narrowly scoped notifications.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
This general HTTP helper transmits identifiers and auth headers, and may include user/account metadata in request bodies automatically. That is risky because it normalizes silent data export from a skill handling highly sensitive in-home audio/video-derived events, making cross-service correlation and privacy harm more likely.

External Transmission

Medium
Category
Data Exfiltration
Content
"source": ConstantEnum.DEFAULT__SKILL_HUB_NAME
            }
            try:
                _response = requests.post(_url, json=_data)
                if _response.status_code == 200:
                    _response_json = _response.json()
                    if _response_json and _response_json.get("success"):
Confidence
98% confidence
Finding
requests.post(_url, json=

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

Detected: suspicious.install_untrusted_source

Install source points to URL shortener or raw IP.

Warn
Code
suspicious.install_untrusted_source
Location
skills/smyx_common/scripts/config-dev.yaml:2