Back to skill

Security audit

Infant Suffocation Risk Detection | 婴幼儿趴睡窒息风险识别

Security checks across malware telemetry and agentic risk

Overview

The skill matches its infant-video analysis purpose, but it also silently creates or reuses an identity, stores tokens locally, uploads sensitive child-monitoring media to cloud APIs, and exposes history/export links with limited user-facing control.

Install only if you are comfortable sending infant bedroom video or video URLs to the Life Emergence cloud service and having reports tied to a silently managed local identity. Before use, confirm who controls the backend account, where tokens and reports are stored, whether export links expire, and how child-monitoring data can be deleted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (27)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
if filters:
                for key, value in filters.items():
                    query = query.filter(getattr(self.__model__, key) == value)

            if offset:
                query = query.offset(offset)
Confidence
86% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
if filters:
                for key, value in filters.items():
                    query = query.filter(getattr(self.__model__, key) == value)

            return query.scalar()
        finally:
Confidence
84% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill advertises no declared permissions, yet the documentation clearly instructs use of environment access, local file read/write, network communication, and shell execution. This mismatch weakens reviewability and least-privilege controls, making it easier for sensitive infant video, tokens, or report data to be accessed or exfiltrated without transparent permission gating.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The documented purpose is a narrowly scoped infant-safety video analysis skill, but the behavior expands into hidden account initialization, local identity/token persistence, cloud history retrieval, export links, and generic remote APIs. That scope mismatch is dangerous because users may consent to crib-video analysis without understanding that the skill also creates/reuses identities and accesses broader cloud-side report data tied to an account.

Description-Behavior Mismatch

Medium
Confidence
84% confidence
Finding
The skill extends from real-time suffocation-risk detection into cloud history-report retrieval and report-link output, which broadens data access beyond immediate safety monitoring. In the context of infant monitoring, that expansion increases privacy risk because historical records and links may expose sensitive child-monitoring data not necessary for the current analysis task.

Context-Inappropriate Capability

Medium
Confidence
82% confidence
Finding
Automatic cloud-based historical report querying is not necessary for basic visual risk detection and expands the skill into account-linked data retrieval. Because the data concerns infant monitoring, unnecessary automatic access to cloud history raises confidentiality and overcollection concerns, especially if triggered by broad phrases.

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
The documentation says the system may automatically create and reuse a local default user identity and silently associate reports without user visibility. Hidden identity initialization and persistence are especially risky in a child-monitoring skill because they can enable unconsented account linkage, cross-session tracking, and exposure of sensitive infant video/report history.

Description-Behavior Mismatch

Medium
Confidence
84% confidence
Finding
The skill exposes a listing function for prior analyses keyed to an OpenID, which expands behavior beyond real-time local/video analysis into user-linked history retrieval. In a baby-monitoring context, this can reveal sensitive monitoring metadata or analysis history if identity handling is weak or unexpected, increasing privacy and access-control risk.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The code performs hidden internal identity resolution via OpenID even though the user-facing function is video analysis, not account operations. In this context, silently binding analysis actions to an internal identity can enable undisclosed tracking, unexpected data association, and accidental access to another user's history or backend state.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill accepts arbitrary HTTP/HTTPS video URLs, which materially expands its behavior beyond the described fixed baby-monitor camera workflow. This can enable server-side fetching of attacker-controlled URLs, creating privacy, misuse, or SSRF-style exposure depending on how the downstream analysis service retrieves the media.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The report-history listing and export-link generation introduce data-access functionality not described in the manifest's real-time detection/alerting scope. In a baby-monitoring context, stored reports and export URLs may expose sensitive infant-health or household monitoring data, especially if access control is weak elsewhere in the stack.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The script includes a history-listing path that retrieves prior analysis records for an open_id, which is broader than a simple local video analysis tool and can expose sensitive historical infant-monitoring data if identity binding or authorization is weak elsewhere in the stack. In this context, sleep posture and suffocation-risk records are highly sensitive family/child data, so even read-only listing functionality materially increases privacy risk.

Description-Behavior Mismatch

Low
Confidence
81% confidence
Finding
Accepting arbitrary remote video URLs expands the trust boundary from a fixed baby-monitor source to any network-reachable content, which can enable unintended data exfiltration, backend abuse, or SSRF-style issues depending on how skill.get_output_analysis fetches the URL. Even if this file does not perform the fetch itself, exposing unrestricted URL input for a safety-critical infant-monitoring skill is an unsafe interface choice.

Context-Inappropriate Capability

Medium
Confidence
78% confidence
Finding
The code stores and manipulates token and user-account data locally despite the declared purpose being infant sleep-risk video analysis. In a safety-critical child-monitoring context, unnecessary credential persistence broadens the attack surface and creates privacy/security risk if the local SQLite database is accessed by other components or users on the device.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
This utility file contains identity resolution, credential loading, account provisioning, local user persistence, and a generic authenticated API client that are far broader than the stated infant suffocation-risk detection purpose. In a safety-critical baby-monitoring skill, bundling undisclosed backend identity and account-management behavior materially increases privacy, supply-chain, and misuse risk because the skill can act under hidden credentials and interact with unrelated services.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The code can silently derive an identity, call a remote /sys/phoneLogin endpoint with register=1 and silent=1, obtain tokens, and persist them locally. That enables undisclosed account creation/provisioning unrelated to infant-monitoring, which is dangerous because it may enroll users in external systems without informed consent and creates persistent credentials that can be abused later.

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
The agent workspace discovery logic inspects environment variables, script paths, and parent directories to locate broader workspace, data, and skills directories. While not directly exploit code, it expands filesystem awareness and operational reach beyond the skill's stated infant-video function, increasing the blast radius for any later misuse of file or credential access.

Vague Triggers

Medium
Confidence
79% confidence
Finding
The default trigger can activate whenever a crib-monitoring video URL or file is provided, even without explicit user intent to perform suffocation-risk analysis. For a skill handling infant video and remote APIs, overly broad invocation increases the chance of unintended processing, cloud transmission, and retention of sensitive footage.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The notes discuss privacy in general but do not clearly warn that infant videos or URLs are transmitted to remote API services for analysis and history/report retrieval. This lack of transparent disclosure is dangerous because users may unknowingly send highly sensitive footage of a child to a cloud service, undermining informed consent and privacy compliance.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation specifies 24/7 infant video capture, including infrared night vision, but provides no privacy, retention, consent, or access-control guidance. Because this system monitors a highly sensitive environment involving children in a bedroom/nursery, omission of data handling safeguards materially increases the risk of surveillance abuse, unauthorized access, and noncompliant collection of sensitive personal data.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The API exposes full report export functionality, and the same document references snapshot URLs, but does not describe authorization boundaries, URL protection, expiration, or redaction of sensitive content. In this infant-monitoring context, exported reports and images can reveal intimate household activity and child-related health/safety events, making accidental exposure or insecure sharing particularly harmful.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
Using a hidden open-id mechanism without user-facing disclosure is a transparency and privacy flaw, especially in a baby-monitoring skill handling highly sensitive household data. Users may be unaware that operations are tied to an internal identifier, which can lead to covert data linkage and unexpected access patterns.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The code reads local file contents and transmits them for analysis without any visible user-facing notice or consent gate in this path. Because the skill handles infant sleep videos, this creates heightened privacy risk: users may unknowingly upload sensitive in-home footage to a remote service.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The hidden --api-key parameter indicates networked processing with credentialed access while suppressing visibility in help output, reducing informed user awareness about authentication and possible transmission of sensitive infant video data. Hidden credential pathways are risky because they obscure security-relevant behavior and can encourage unsafe operational practices or accidental misuse.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill reads a sensitive credential/identity file from the workspace data directory without any user-facing disclosure or consent. In this context, that is risky because a baby-monitoring skill should not implicitly harvest local API key material or internal identifiers unrelated to detecting infant posture and suffocation hazards.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

Detected: suspicious.install_untrusted_source

Install source points to URL shortener or raw IP.

Warn
Code
suspicious.install_untrusted_source
Location
skills/smyx_common/scripts/config-dev.yaml:2