ClawHub

Anxiety-Related Behavior Recognition (Hand-rubbing / Nail-biting / Pacing) | 焦虑症相关行为(搓手、咬指甲、来回踱步)识别

Security checks across malware telemetry and agentic risk

Overview

This skill handles sensitive mental-health video analysis but also sends data to remote services, creates or uses accounts, stores tokens, and includes mismatched health/pet-analysis components that users should review carefully.

Install only if you are comfortable sending sensitive home/office video, identity-linked metadata, and report history to the listed remote services. Avoid using this with minors, counseling rooms, workplaces, or third-party footage unless everyone has explicitly consented. Review and pin dependencies before installation, do not provide phone numbers or reusable credentials unless necessary, and prefer a version that removes the generic health/pet-analysis code, token persistence, and automatic account creation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (18)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill instructs the agent to retrieve an open-id from local configuration files or solicit username/phone number before proceeding. That expands scope from video analysis into credential and identity harvesting, and local config inspection may expose secrets unrelated to the user's request.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The workflow silently broadens the skill from analysis of a supplied video into cloud-backed historical report querying and report-link generation. This increases data exposure and may reveal prior sensitive mental-health records without sufficiently clear upfront disclosure and consent boundaries.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The manifest presents the skill as a camera/video analysis tool, but the instructions direct remote API calls and cloud history access. In a mental-health context, this hidden data transmission and remote retrieval materially changes the privacy and security posture of the skill.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The analysis request automatically injects a petType parameter into a skill described as monitoring human anxiety-related behaviors. This mismatch strongly suggests code reuse from an unrelated animal-analysis domain, creating a serious risk that requests are routed to the wrong model or backend logic, causing incorrect health-related inferences, silent data misclassification, or transmission of sensitive human video metadata to an unintended service path.

Description-Behavior Mismatch

High
Confidence
94% confidence
Finding
The anxiety-analysis CLI forwards requests into a generic pet-type workflow by setting a DEFAULT__PET_TYPE and then calling skill.get_output_analysis(input_path) without any visible validation that the loaded model or pipeline matches the claimed human mental-health use case. In a sensitive health-monitoring context, this can cause systematic misclassification, misleading anxiety scores, and inappropriate reminders or counseling decisions based on an unrelated inference pipeline.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The documented API behavior is materially inconsistent with the skill's stated purpose of detecting anxiety-related behaviors such as hand rubbing, nail biting, and pacing. Instead, it sends video to a generic remote endpoint and returns face detection plus traditional health/constitution and organ-condition inferences, which suggests either capability mismatch, hidden data repurposing, or deceptive documentation around what user video is actually used for.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The API claims to infer facial condition, organ condition, and traditional health diagnoses from video, which is far beyond what is necessary for an anxiety-behavior monitoring skill and involves highly sensitive health inferences. In this context, the mismatch increases the risk of unauthorized profiling, overcollection of biometric/health data, and harmful or misleading outputs presented as medical-like assessments.

Description-Behavior Mismatch

Medium
Confidence
86% confidence
Finding
The skill accepts arbitrary http/https video URLs and forwards them to backend analysis, which expands the trust boundary beyond the described fixed-camera monitoring use case. This can enable server-side fetching of attacker-controlled URLs, potentially causing SSRF-like behavior, unauthorized access to internal resources, or analysis of untrusted remote content without origin restrictions.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The skill is described as anxiety-behavior video analysis, but this file implements persistent user-account storage including usernames, email, birthday, sex, age, and tokens. That creates a major scope mismatch and expands collection of sensitive personal data beyond what is needed for the stated function, increasing privacy, breach, and misuse risk in a mental-health context where data sensitivity is especially high.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The model stores authentication tokens alongside personal profile data without any visible need tied to behavior recognition. In a mental-health monitoring product, retaining tokens and identifiable attributes in a local SQLite database raises the impact of device compromise or insider misuse, enabling account takeover and exposure of sensitive behavioral/health-adjacent data.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The utility layer performs account creation/login against an external health service and persists returned tokens, even though this file belongs to a skill presented as anxiety-behavior video analysis. That creates undisclosed identity binding and credential handling pathways, expanding data collection beyond the stated purpose and enabling unauthorized account provisioning or cross-service tracking if misused.

Context-Inappropriate Capability

Medium
Confidence
85% confidence
Finding
The code handles a payment/recharge workflow unrelated to anxiety behavior recognition, indicating the skill can steer users into account-funding actions through backend response manipulation. Mixing mental-health monitoring with hidden monetization logic is risky because it can create deceptive flows, increase attack surface, and undermine user trust in a sensitive context.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger conditions are broad enough to auto-invoke on generic anxiety-related terms and uploaded videos, which can cause unintended analysis or history lookup. Because the subject matter is sensitive mental-health monitoring, accidental activation could process or transmit highly private data without clear user intent.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill description does not prominently warn users that it performs continuous video monitoring and remote/API handling of sensitive mental-health data. In this context, inadequate notice undermines meaningful consent and can expose intimate behavioral and health-related information to cloud services or third parties.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation instructs clients to upload video files or public video URLs and include an API key, but provides no privacy, retention, consent, or data-handling guidance. Because this skill targets sensitive in-home/office monitoring for mental-health-related behavior, omission of these controls materially increases the risk of exposing intimate video data and misuse of collected personal information.

Missing User Warnings

Medium
Confidence
74% confidence
Finding
The skill reads arbitrary local file contents and submits them for analysis without any visible consent prompt, notice, or narrowing to a trusted capture directory. In a mental-health video context, this increases privacy risk because highly sensitive recordings may be uploaded unexpectedly or with insufficient user awareness.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The utility automatically transmits API and authorization credentials in outbound headers without any evidence in this file of user disclosure, scoping, or minimization. In a sensitive mental-health skill, silent credential propagation increases the risk of unauthorized access, token leakage through downstream systems, and opaque third-party data sharing.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The request helper sends user and system metadata such as tenant code, skill hub name, platform name, and username in outbound requests, but this file shows no notice, consent, or purpose limitation. Because the skill concerns anxiety-related behavioral monitoring, undisclosed transmission of contextual and identity-linked metadata is more sensitive and can facilitate profiling or correlation of mental-health data.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal