Back to skill

Security audit

Pregnant Prolonged-Standing / Over-Fatigue Detection | 孕妇久站/过度劳累识别

Security checks across malware telemetry and agentic risk

Overview

The skill performs the advertised cloud video analysis, but it also silently creates or reuses a persistent user identity, stores auth tokens locally, and links sensitive home pregnancy footage to external APIs and report history.

Install only if you are comfortable sending sensitive in-home pregnancy-related video or video URLs to the configured Life Emergence services and having reports tied to a persistent local/remote identity. Confirm the pregnant person’s explicit consent, review retention/deletion expectations with the publisher, and consider using a separate workspace/account for this skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (23)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
if filters:
                for key, value in filters.items():
                    query = query.filter(getattr(self.__model__, key) == value)

            if offset:
                query = query.offset(offset)
Confidence
80% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
if filters:
                for key, value in filters.items():
                    query = query.filter(getattr(self.__model__, key) == value)

            return query.scalar()
        finally:
Confidence
80% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill advertises a simple posture/fatigue analysis workflow but declares no permissions while its documented behavior implies shell execution, network access, local file I/O, and environment use. That gap prevents meaningful consent and review, and in this context is especially risky because the skill handles highly sensitive household video of a pregnant person plus identity-linked historical records.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The documented purpose is narrow health-reference posture analysis, but the skill also describes identity creation/reuse, credential storage, remote platform login, token handling, and historical record retrieval. This mismatch is dangerous because users may provide intimate in-home video believing it is only analyzed for reminders, while the skill can associate that data with persistent identities and external services without transparent disclosure.

Description-Behavior Mismatch

Medium
Confidence
84% confidence
Finding
The skill expands from real-time posture reminders into cloud-hosted historical report retrieval and report-link output, which broadens data exposure beyond the user's likely expectation. In a maternal-health home-camera context, retaining and retrieving linked historical reports can expose sensitive behavioral and health-adjacent information if accessed by the wrong party.

Description-Behavior Mismatch

Medium
Confidence
86% confidence
Finding
The documentation says the tool is only a health-reference reminder system, yet it instructs automatic local saving of uploads and cloud API queries. Automatic persistence and remote transmission of sensitive household pregnancy-related video materially increase privacy risk, especially if done by default and without clear consent boundaries.

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
Automatic creation or reuse of an internal default user identity is not necessary for basic posture analysis and creates a hidden persistent identifier tying sensitive videos and reports to a local account. In this context, covert identity linkage can enable unauthorized access to historical maternal-health records, cross-session tracking, and accidental disclosure to other local users.

Intent-Code Divergence

Medium
Confidence
81% confidence
Finding
The AI role promises only visual statistics and friendly reminders, but the broader document includes history-query and report-link behavior. This inconsistency is dangerous because it obscures the true data-handling scope, undermining informed consent for a system processing intimate in-home video and health-adjacent records.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The script initializes an internal user identity via `OpenIdUtil.resolve_current_open_id(args.open_id, use_current=bool(args.open_id))` while explicitly hiding the related CLI option and describing it as not shown to users. In a health-monitoring context involving pregnancy-related behavioral data, undisclosed identity binding can enable silent association of sensitive analysis results with a user account, undermining transparency, consent, and privacy expectations.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The skill accepts arbitrary http/https video URLs and forwards them to downstream analysis, even though the declared workflow is a fixed home camera use case. This broadens data ingress beyond the expected trust boundary and can enable server-side fetching of attacker-controlled URLs, creating privacy, misuse, or SSRF-like risk depending on how the backend retrieves the video.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The file defines a generic user persistence layer including username, real name, email, birthday, token, and open_token storage, which exceeds the manifest's posture/fatigue reminder purpose. In a health-related camera skill, collecting and persisting identity and authentication data broadens the privacy and breach impact surface, especially because the code does not show minimization, encryption, retention limits, or clear necessity.

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
Implementing account/profile and token-management capability inside a pregnancy posture monitoring skill creates functionality unrelated to the stated health-reference use case. This mismatch is dangerous because it can enable silent expansion from local posture analysis into identity tracking or integration with external services without transparent user consent or clear operational need.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The utility code automatically provisions user identity and performs remote login/registration against a health endpoint, which is outside the stated posture-fatigue monitoring purpose. In a pregnancy-related home camera skill, hidden account creation and backend identity linkage materially expand data collection and create unauthorized external account activity and privacy exposure.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The code derives and persists identity from workspace files and local database records, then reuses it as a default open-id without clear user action. For a pregnancy posture analysis skill, silently binding a persistent identifier across runs and data stores is unnecessary and increases the risk of tracking, cross-session correlation, and misuse of sensitive health-adjacent activity data.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The default trigger is broad enough to activate on generic fixed-camera video analysis requests, increasing the chance that unrelated household footage is processed by this sensitive maternal-health workflow. Over-broad activation is especially risky here because it may cause unintended analysis, storage, or remote upload of private home video without clear user intent.

Vague Triggers

Medium
Confidence
79% confidence
Finding
Keyword-based activation includes broad pregnancy and health-related phrases that can trigger the skill without a precise request for this specific analysis. In a sensitive health and home-surveillance context, such loose triggering can lead to mistaken collection, analysis, or cloud querying of personal data.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The code reads local video content or accepts a remote video URL and submits it for analysis without any visible disclosure, confirmation, or consent handling in this component. Because this skill processes sensitive health-adjacent and in-home camera footage of a pregnant woman, silent transmission materially increases privacy and compliance risk.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The script accepts an --api-key parameter but suppresses it from --help output, which reduces transparency around credential handling and can mislead users about what sensitive inputs the tool consumes. Hidden credential parameters are risky because they may encourage insecure invocation patterns, complicate audits, and increase the chance that secrets are passed via command line where they can be exposed through shell history or process inspection.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The tool analyzes pregnancy-related video from a home camera and forwards the input to skill.get_output_analysis without presenting any explicit runtime warning or consent prompt about network transmission to an external service. Because the data concerns a pregnant person inside the home, this is highly sensitive health-adjacent and in-home surveillance content; silent transmission materially increases privacy and compliance risk if users assume processing is local.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
Reading an internal identity value from data/smyx-api-key.txt and treating it as an open-id occurs without any user-facing disclosure or consent. This creates covert identity reuse and may unintentionally link the user's activity in this skill to another credential or account context.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The code sends identity fields such as openId and mobile in an automatic network login/registration request without a user-facing warning. Even if intended for convenience, transmitting identifiers to a remote service without explicit consent is a privacy and trust violation, especially in a maternal-health-related skill.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The general HTTP helper automatically attaches user identifiers and tokens to outbound requests and may enrich payloads with pnaUserName and tenant metadata without user-facing disclosure. In the context of a home-camera pregnancy monitoring skill, this broad silent transmission increases the privacy impact because sensitive behavioral observations can become linked to persistent identity and backend accounts.

External Transmission

Medium
Category
Data Exfiltration
Content
"source": ConstantEnum.DEFAULT__SKILL_HUB_NAME
            }
            try:
                _response = requests.post(_url, json=_data)
                if _response.status_code == 200:
                    _response_json = _response.json()
                    if _response_json and _response_json.get("success"):
Confidence
95% confidence
Finding
requests.post(_url, json=

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.install_untrusted_source

Install source points to URL shortener or raw IP.

Warn
Code
suspicious.install_untrusted_source
Location
skills/smyx_common/scripts/config-dev.yaml:2