Child Dangerous Object Contact Detection | 儿童接触危险物品识别

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill appears to be a cloud-backed child video monitoring tool, but it asks for and transmits sensitive identifiers and child/home video while adding unclear account, history, token-storage, and possible health/face-analysis behavior.

Review carefully before installing. Only use it if you intend to send child/home video and identifiers to the publisher's cloud service, accept cloud history retrieval, and are comfortable with local token storage and possible silent account setup. Prefer a version with explicit consent prompts, documented retention/security controls, scoped URL inputs, no unrelated face/health analysis artifacts, and corrected dependencies.

SkillSpector (20)

By NVIDIA

Context-Inappropriate Capability

Medium

Confidence: 94% confidence
Finding: The skill instructs the agent to obtain an open-id from local configuration files or directly from the user before proceeding, tying video analysis to identity data and encouraging access to workspace secrets/configuration. That is not necessary for basic detection and creates an avoidable pathway for collecting credentials or persistent identifiers associated with sensitive child-safety footage and reports.

Description-Behavior Mismatch

Medium

Confidence: 88% confidence
Finding: The skill expands from real-time hazard detection into cloud-based historical report retrieval and formatted listing of prior reports. This secondary data-processing function increases retention, discoverability, and exposure of sensitive historical child-monitoring data without being clearly described in the manifest, raising privacy and access-control concerns.

Description-Behavior Mismatch

High

Confidence: 98% confidence
Finding: The documented API behavior is materially inconsistent with the skill's stated purpose. A child dangerous-object detection skill should describe object/behavior recognition and alerts, but this document instead specifies face detection and health/constitution diagnosis, indicating either undocumented scope expansion or misrepresentation of actual data use; both create serious security and privacy risk.

Context-Inappropriate Capability

High

Confidence: 99% confidence
Finding: Face-based health or physiognomy-style diagnosis is unjustified for this skill and involves highly sensitive inference from video, potentially including children. In the context of continuous home or childcare monitoring, this expands surveillance well beyond safety alerts and can enable invasive biometric profiling without a clear necessity or valid purpose limitation.

Intent-Code Divergence

Medium

Confidence: 87% confidence
Finding: The comment says open_id is for local recognition only and should not be sent to the API, but the implementation still forwards remaining arguments into page() calls. If callers provide sensitive identifiers or assume they are kept local, this mismatch can leak identifiers or metadata to the backend, which is especially concerning in a child-monitoring context where report history may contain sensitive household activity data.

Description-Behavior Mismatch

Medium

Confidence: 83% confidence
Finding: The script exposes a history-listing function that returns prior analysis outputs, but the skill description focuses on real-time safety alerts rather than retrospective data access. In a child-monitoring context, historical analysis records may contain sensitive behavioral events or images, so undocumented access paths increase privacy and data-exposure risk if invoked by unauthorized or unexpected users.

Context-Inappropriate Capability

Medium

Confidence: 88% confidence
Finding: The function accepts arbitrary remote URLs and forwards them to backend analysis logic, which is broader than the stated fixed-camera home monitoring use case. This can enable analysis of third-party or non-consensual video sources and may also expose the backend to untrusted remote content retrieval, increasing privacy and abuse risk in a surveillance-oriented skill.

Context-Inappropriate Capability

Medium

Confidence: 90% confidence
Finding: This module persists usernames, email addresses, birthdays, tokens, and open tokens in a local SQLite database, but that capability is not justified by the stated child-dangerous-object-detection purpose. Collecting and storing account credentials/tokens alongside a child-monitoring skill expands the privacy and attack surface significantly, especially in a context involving home and child-related data.

Description-Behavior Mismatch

High

Confidence: 95% confidence
Finding: The generic RequestUtil.http_request helper can send authenticated requests to arbitrary URLs/paths while automatically attaching app identifiers, tokens, tenant metadata, and user identifiers. It also performs implicit account lookup/provisioning unrelated to the stated child-danger camera detection purpose, creating an overprivileged network primitive that could be reused by other code paths to access or exfiltrate data.

Context-Inappropriate Capability

High

Confidence: 97% confidence
Finding: The _get_or_create_user logic calls a phone-login endpoint with register=1 and user identifiers, meaning the code can silently create or retrieve accounts without an explicit user action. In a child-monitoring skill, silent account provisioning is especially sensitive because it expands collection and backend linkage of household and child-related data beyond what is necessary for local danger detection.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The default trigger activates on broadly described child-monitoring video inputs, which can cause the skill to run in situations where the user did not explicitly request this specific cloud-backed dangerous-object analysis workflow. Over-broad triggering is risky here because it may lead to unintended processing or upload of sensitive home video involving minors.

Vague Triggers

Medium

Confidence: 81% confidence
Finding: The historical-report trigger phrases are broad and ambiguous, making it easy for the skill to initiate backend history retrieval outside the user's intended scope. In a child-safety surveillance setting, ambiguous triggers can expose prior report metadata and links to sensitive report images with insufficient user intent verification.

Missing User Warnings

High

Confidence: 97% confidence
Finding: The skill instructions indicate that uploaded videos or URLs are processed via a remote API and that historical reports are queried from the cloud, but the description does not prominently warn users that child video, snapshots, and report data may be transmitted off-device. Because the content involves minors in private spaces, failing to clearly disclose remote transfer materially increases privacy, legal, and compliance risk.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The API requires transmission of videos or public video URLs plus an API key, yet the document provides no notice about where footage is sent, how long it is retained, or what sensitive content may be extracted. Because the skill monitors children in private spaces 24/7, omission of privacy and data-handling warnings materially increases the risk of covert collection, over-retention, or misuse of highly sensitive household video.

Missing User Warnings

Medium

Confidence: 81% confidence
Finding: The skill reads full local video file contents and sends them to the analysis API without any visible consent, warning, minimization, or privacy control in this code. In a child-safety camera skill, uploaded footage is highly sensitive because it may contain children, interiors of homes, and routine household activity, so silent transmission materially raises privacy and compliance risk.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The CLI requires an open-id that may be a username, phone number, or other user identifier, but provides no privacy notice, minimization, or handling guidance. In a child-safety monitoring system, linking sensitive surveillance events to direct identifiers raises privacy and compliance risks, especially if logs, shells, or process lists expose the value.

Missing User Warnings

Medium

Confidence: 86% confidence
Finding: The analysis path sends local file paths or remote URLs into backend processing without clearly disclosing that content may be handled over the network. Because the skill concerns videos of children in private spaces, undisclosed remote processing materially increases privacy sensitivity and user harm if users assume analysis is local.

Missing User Warnings

Medium

Confidence: 78% confidence
Finding: The DAO automatically executes a schema-altering SQL statement on startup against the user table, which changes persistent state without explicit migration control, operator approval, or compatibility checks. In a child-monitoring product handling sensitive household/user data, silent schema mutation increases the risk of data corruption, unexpected privilege/data model changes, and hard-to-audit persistence behavior.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: This code transmits tokens, API keys, app IDs, tenant codes, platform identifiers, and pnaUserName/current user data in outbound requests, but the file shows no user-facing notice, consent check, or minimization. Because the skill context involves home/child safety monitoring, undisclosed identifier transmission increases privacy risk and can facilitate backend profiling of children and households.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The automatic phone-login/account-creation request sends mobile/openId/source data to a remote service without any indication of a preceding user notification or opt-in. Silent identity establishment is particularly problematic in a family/child-surveillance context because users may reasonably expect local safety detection rather than hidden account enrollment.

Static analysis

Install untrusted source

Warn

Finding: Install source points to URL shortener or raw IP.

Dep not found on registry

Critical

Finding: 1 package(s) referenced in dependency files do not exist on their public registries: yaml (pypi)

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal