Back to skill

Security audit

Teen Phone / Game Screen Addiction Detection | 青少年沉迷手机/游戏行为识别

Security checks across malware telemetry and agentic risk

Overview

This skill needs review because it can upload sensitive video of minors to a remote service while creating or reusing account identity and cloud report history with limited user control.

Install only after confirming you trust the remote service and understand exactly where videos, identifiers, reports, and tokens go. For use with minors, require guardian and child consent, verify retention/deletion controls, disable broad automatic history lookups, avoid arbitrary remote URLs, and require the publisher to document endpoints, authorization, token storage, and report access controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (28)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill advertises no explicit permissions while the documentation clearly requires shell execution, local file handling, network access, and likely environment usage. This mismatch is dangerous because it hides the true operational scope from reviewers and users, reducing informed consent and weakening policy enforcement for a surveillance-oriented skill handling sensitive data about minors.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The documentation expands the skill from local posture/screen-time analysis into cloud history lookup and remote report retrieval, which is materially broader than the stated behavior. This creates hidden data-flow and privacy risks because users may believe the skill performs local inference while it actually accesses remote records and linked reports, especially problematic for minors' behavior data.

Description-Behavior Mismatch

Low
Confidence
85% confidence
Finding
The skill claims limited output capabilities but the body adds app pushes, smart-device voice prompts, and report-link generation. While not necessarily an exploit by itself, this is a real security-relevant scope expansion because it introduces external side effects and additional delivery channels that are not clearly declared up front.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill describes automatic creation and reuse of a default local identity for report association, despite the core task being camera-based behavior analysis. Hidden identity persistence is dangerous because it enables silent cross-session tracking and linkage of sensitive minors' monitoring data without transparent user choice or clear necessity.

Intent-Code Divergence

Low
Confidence
76% confidence
Finding
The documentation prohibits reading local historical data while simultaneously saving uploads locally and maintaining/reusing local identity state. This inconsistency weakens trust boundaries and can lead to accidental or intentional local data reuse despite stated restrictions, especially in a sensitive surveillance context.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The skill is presented as teen screen-addiction analysis, but it exposes a pet-type control that is unrelated to the declared purpose. This indicates code reuse or feature mismatch that can cause the analysis pipeline to behave unexpectedly, weaken operator trust, and hide undeclared processing paths beyond the advertised scope.

Description-Behavior Mismatch

Low
Confidence
88% confidence
Finding
The file implements a list operation keyed by an internal user identifier even though the skill description focuses on analyzing supplied video input. Adding history/listing behavior expands the data-access surface and may expose prior analyses or metadata that users did not expect from an analysis-only tool.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill imports and uses OpenID-style identity utilities despite the stated purpose being local/video analysis. Introducing identity linkage without clear necessity creates unnecessary collection of user identifiers and enables correlation of analysis results to individuals, which is especially sensitive in a minor-monitoring context.

Description-Behavior Mismatch

Medium
Confidence
87% confidence
Finding
The code accepts any http/https URL as a video source and forwards it for analysis, which materially broadens the skill beyond the stated fixed-camera local monitoring use case. This can enable analysis of arbitrary third-party or internet-hosted content, increasing privacy, consent, and misuse risk, especially given the subject matter involves minors and surveillance-style analysis.

Description-Behavior Mismatch

Medium
Confidence
81% confidence
Finding
The skill exposes report listing and export-link generation capabilities that exceed the manifest's described analysis-and-alert behavior. If these methods are reachable without proper authorization checks elsewhere, they can facilitate enumeration of prior reports and access to exported report artifacts, potentially exposing sensitive monitoring data.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
This file exposes generic network-capable CRUD helpers (`add`, `edit`, `delete`, `http_post`, `http_put`, `http_get`, `http_delete`) that can access arbitrary URLs and mutate remote state, which is materially broader than the declared purpose of posture/time analysis for adolescent screen use. In a surveillance-oriented skill that may handle sensitive household or school data, this overbroad capability increases the chance of unauthorized data exfiltration, hidden remote control paths, or misuse by other components.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The code supports arbitrary endpoint access and remote data mutation through thin wrappers that accept caller-supplied URLs and arguments without visible validation or scope restriction. Because the skill context involves monitoring minors via fixed cameras, any unnecessary remote write/delete capability is more dangerous: it could be used to transmit sensitive observations, alter records, or interact with unintended backend services beyond the manifest-described analytics behavior.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The file implements a generic user-account table storing personally identifiable information such as username, realname, email, birthday, age, and sex, which is unrelated to the declared teen screen-posture/time analysis purpose. In the context of a surveillance-oriented adolescent monitoring skill, collecting and retaining extra identity data expands privacy risk and increases harm if the local database is accessed or repurposed.

Context-Inappropriate Capability

High
Confidence
94% confidence
Finding
The User model persists token and open_token values in plaintext alongside identity attributes, but the manifest describes only local posture and screen-addiction detection. For a skill involving minors and fixed cameras in homes or schools, storing reusable credentials without clear necessity materially increases the risk of account compromise, impersonation, and secondary access if the SQLite file is copied or exposed.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The utility code performs remote account login/registration, token acquisition, token persistence, and authenticated API request handling, which is unrelated to the stated local camera/posture analysis purpose of the skill. This creates undisclosed external identity use and data transmission paths, expanding the trust boundary and enabling silent account creation or backend interaction without clear user consent.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The code reads identity material from the workspace and environment, then silently resolves or creates a default open-id and persists it for future use. For a skill whose described function is detecting teen screen addiction from fixed-camera posture analysis, this identity harvesting/provisioning is unnecessary and introduces hidden user/account tracking behavior.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The default trigger activates on essentially any provided relevant camera video, which is overly broad for a skill that monitors adolescents in homes and schools. Overbroad invocation increases the chance of unintentional analysis of sensitive footage and unexpected processing of minors' data without sufficiently specific user intent.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The keyword triggers include broad phrases related to eye health and parental intervention, allowing the skill to activate outside a clearly bounded screen-addiction use case. In practice, that can cause sensitive behavioral monitoring workflows to launch based on ambiguous language, increasing privacy and consent risks.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill auto-runs cloud history queries from broad natural-language phrases without clear boundaries or separate confirmation. That is dangerous because historical reports about minors are especially sensitive, and automatic retrieval can expose prior monitoring records unexpectedly.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The code resolves an internal OpenID-style identity implicitly and suppresses the user-facing argument/help text, meaning identity processing can occur without transparent notice. In a tool analyzing adolescents from home or school cameras, hidden identity resolution materially increases privacy risk by silently tying sensitive behavioral inferences to a user account.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The code reads the entire local file and transmits it to the analysis service without any visible user-facing consent, warning, or minimization controls in this component. Because the skill analyzes videos of adolescents in home/school settings, silent upload of raw video creates significant privacy and compliance risk if users are not clearly informed.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill analyzes adolescent video from homes, study rooms, or schools and forwards an input path or URL into `skill.get_output_analysis(...)` without any explicit privacy, consent, or network-transmission warning. Given the highly sensitive subject matter and likely presence of minors on camera, silent remote processing increases the risk of unauthorized disclosure of biometric/behavioral data and location-linked surveillance footage.

Missing User Warnings

Medium
Confidence
78% confidence
Finding
FileUtil.open() opens any supplied path in write mode, which will overwrite existing files. In a shared utility used by skills, this becomes dangerous if caller-controlled paths reach it, because arbitrary workspace files could be clobbered without warning, backup, or path restriction.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
In debug mode, the code logs request URLs, params, data, and response contents for HTTP calls. Even though headers are partially sanitized, request/response bodies may still contain sensitive identifiers, tokens, personal data, or backend responses, causing inadvertent disclosure through logs.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The code reads credential or identity-related values from OPENCLAW_WORKSPACE-derived paths and a local data/smyx-api-key.txt file without any user-facing notice. Hidden consumption of local identity material increases privacy risk and can couple unrelated local secrets or identifiers to this skill's backend behavior.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

Detected: suspicious.install_untrusted_source

Install source points to URL shortener or raw IP.

Warn
Code
suspicious.install_untrusted_source
Location
skills/smyx_common/scripts/config-dev.yaml:2