ClawHub

Adult Facial Fatigue / Stress Index | 成人面部疲劳/压力指数分析

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill performs plausible facial fatigue analysis, but it sends sensitive face/wellness data to a remote service, ties results to user identifiers, and persists account tokens with insufficient disclosure and scoping.

Review before installing. Only use this if you are comfortable sending face images or videos and a user identifier to the publisher's remote services, having report history stored/retrieved in the cloud, and having local account tokens written to a SQLite database. Prefer a pseudonymous open-id, avoid phone numbers, do not enable debug logging, and ask the publisher for retention, deletion, access-control, and dependency-fix details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (17)

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The skill broadens from local facial analysis into cloud-backed storage and retrieval of user-linked reports via open-id, creating an unexpected secondary use of biometric-adjacent data. Because facial images and stress/fatigue results are sensitive, tying them to a persistent identifier increases privacy risk, tracking risk, and the blast radius of any backend or account compromise.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The skill instructs the agent to read api-key/open-id values from local config files or request them from the user, even though the visible task is fatigue scoring. This is dangerous because it encourages credential harvesting and reuse from the workspace, and combines sensitive facial data with persistent personal identifiers without clear necessity or informed consent.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The API documentation describes a remote video-analysis service that returns TCM-style constitution and organ-condition diagnoses, which is materially different from the stated skill purpose of computing a facial fatigue/stress index from a few visible facial features. This mismatch is dangerous because it indicates either undocumented data processing or a repurposed backend, increasing the risk of deceptive functionality, over-collection of biometric/health data, and unsafe downstream use of medical-like outputs.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
Inferring organ conditions and constitution from facial video is an extraordinary health claim not justified by the skill's declared fatigue/stress analysis scope or by the documented inputs. This is dangerous because users or integrators may treat speculative, medical-like inferences as valid health information, leading to deceptive health assessment, privacy harm, and potentially harmful decisions based on unsupported outputs.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The file exposes generic record-management methods (`page`, `list`, `add`, `edit`, `delete`) that go beyond the skill's described purpose of performing facial fatigue/stress analysis and returning an index. In a camera- and biometric-related skill, unnecessary CRUD operations expand the attack surface and may allow unauthorized enumeration, modification, or removal of device or analysis records if higher layers do not strictly enforce authorization.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The `delete(cameraSn)` method provides device-deletion capability tied to a camera serial number, which is not justified by the stated purpose of analyzing adult facial fatigue/stress. In the context of smart mirrors, office health displays, or attendance terminals, exposing deletion of camera/device records can disrupt monitoring, tamper with enrolled infrastructure, and potentially facilitate denial of service or cover tracks if abused.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The code accepts arbitrary http/https URLs and forwards them as videoUrl for backend analysis, which expands the documented capture model from local smart-mirror/selfie inputs to unrestricted remote content ingestion. This can enable server-side fetching of attacker-controlled URLs, creating SSRF-like risk, policy bypass, and privacy/compliance issues if the backend can reach internal or sensitive network locations.

Description-Behavior Mismatch

Medium
Confidence
84% confidence
Finding
The skill exposes report-history data and constructs export URLs for report images, which goes beyond the manifest's described single-use fatigue/stress analysis behavior. In a health-related facial analysis context, report listings and exported images can reveal sensitive biometric/health inferences and broaden data exposure if access control is weak or callers are not properly scoped.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The module implements a generic persistence layer plus a user/account table for usernames, email, birthday, age, and tokens, which materially exceeds the stated purpose of facial fatigue/stress scoring. In a skill handling sensitive face-derived wellness data, adding broad account persistence increases data-collection scope, retention, and attack surface without clear necessity.

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
The User model stores identity-linked fields and authentication material such as token and open_token, yet this is not justified by a facial fatigue/stress analysis skill description. Storing tokens alongside personal profile data tied to biometric-adjacent analysis creates a significant privacy and account-compromise risk if the local database is accessed or exfiltrated.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The utility automatically creates or logs in remote user accounts and manages tokens inside a generic HTTP helper, which is unrelated to local facial-fatigue analysis. This silently couples any skill use to backend identity operations and external data transmission, increasing the chance of unauthorized account creation, credential misuse, and privacy violations if invoked without explicit user consent.

Context-Inappropriate Capability

High
Confidence
95% confidence
Finding
The code persists tokens and user account data via DAO operations in a common utility, giving the skill durable credential-handling capability that is not justified by the described analysis purpose. Persistent storage of tokens expands the blast radius of compromise and can enable account replay or impersonation if the local store or logs are exposed.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill does not clearly warn users that face images/videos and identifiers may be transmitted to a remote API, despite handling highly sensitive biometric and wellness-related data. Without prominent pre-transmission notice and consent, users can unknowingly expose personal images and linked analysis records to external services, creating privacy, compliance, and misuse risks.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation instructs clients to upload videos or provide public video URLs to a remote endpoint, but it gives no warning about transmission of sensitive biometric data, retention, sharing, or consent requirements. In this skill context, the data is high-resolution face imagery used for health-related inference, which makes the privacy risk more serious than a generic media upload because it combines biometric identifiers with sensitive wellness information.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The code reads the entire local file and uploads it to a remote analysis service via self.analysis without any user-facing notice in this file. Because the skill processes facial images/videos and derives fatigue/stress indicators, silent remote transfer raises meaningful privacy, consent, and data-handling risk for sensitive biometric and health-adjacent information.

Missing User Warnings

Medium
Confidence
80% confidence
Finding
The CLI requires an `open-id` that may contain personally identifiable information such as a username or phone number, and the skill context involves biometric/facial analysis, which increases privacy sensitivity. The script provides no user-facing notice, consent prompt, minimization, or masking before passing the identifier into shared configuration and downstream processing, creating risk of unnecessary personal-data transmission and exposure.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
When debug mode is enabled, the code turns on low-level HTTP connection debugging and verbose urllib3 logging, which can expose request URLs, headers, parameters, and possibly authentication material or sensitive user data. Because this utility also handles tokens and user identifiers, the logging behavior materially increases the risk of credential and privacy leakage.

Static analysis

Install untrusted source

Warn
Finding
Install source points to URL shortener or raw IP.

Dep not found on registry

Critical
Finding
1 package(s) referenced in dependency files do not exist on their public registries: yaml (pypi)

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal