ClawHub

Child Drowsiness / Fatigue Detection | 儿童打瞌睡/疲劳检测

Security checks across malware telemetry and agentic risk

Overview

This skill appears to perform child fatigue video analysis, but it handles children’s video, identifiers, report history, and account tokens with too much unclear remote processing and persistence.

Review carefully before installing. Use only if you trust the publisher and backend service with children’s facial video and account-linked history reports, have guardian or school authorization, understand retention/deletion and report-link access controls, and are comfortable with local token/profile persistence and automatic account creation behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (26)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
Requiring an open-id sourced from local config or from the user's username/phone number is not necessary for basic fatigue analysis and expands collection of personal identifiers. In the context of a children's monitoring skill, tying facial-video analysis to account identifiers creates avoidable privacy and tracking risk.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The skill broadens itself from immediate fatigue assessment into cloud history querying and presentation of report links, including automatic history behavior on keyword matches. That scope expansion increases data exposure and may disclose prior reports without a sufficiently explicit, separate user request.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The API request unconditionally injects a petType parameter into analysis calls, which conflicts with the manifest's stated child drowsiness/fatigue detection purpose. This strongly suggests code reuse or cross-skill contamination, creating a risk that requests are routed, processed, or labeled according to the wrong domain and that users are misled about what data is being analyzed.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The inline comment explicitly states 'add pet type parameter,' reinforcing that this file contains functionality inconsistent with a child monitoring skill. In a surveillance-related skill involving children, such mismatches are dangerous because they indicate the implementation may not reflect the declared behavior, undermining trust, auditability, and potentially causing sensitive biometric data to be processed under an unintended model or service path.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The API documentation describes a generic remote analysis endpoint that returns constitution, organ-condition, and health-diagnosis style outputs, which materially exceeds the manifest’s stated purpose of child drowsiness/fatigue detection from video. This mismatch is dangerous because it suggests covert or undocumented processing of children’s biometric/video data for broader health inference, increasing privacy, consent, and misuse risks for a highly sensitive population.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The documented response behavior indicates facial/health diagnostic analysis beyond simple drowsiness monitoring, including constitution and organ-condition assessments. In the context of a child-focused classroom/home monitoring skill, this expands sensitive inference from behavioral fatigue detection into health profiling, which is especially risky due to the involvement of minors and continuous video surveillance.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The skill accepts arbitrary http/https URLs and forwards them to the backend for analysis, which expands collection beyond the stated fixed-camera classroom/home-desk use case. In a child-monitoring context, this increases privacy risk and enables analysis of third-party or non-consensual remote videos without any scope or origin restriction in this code path.

Description-Behavior Mismatch

Low
Confidence
83% confidence
Finding
The report-listing function exposes historical analysis records and generates export links, which is a broader data-access capability than the manifest describes. Because these records concern children's fatigue/face-analysis results, listing and sharing report URLs can reveal sensitive historical monitoring data if access control is weak elsewhere in the stack.

Context-Inappropriate Capability

Low
Confidence
77% confidence
Finding
The history-listing function exposes prior analysis results through `skill.get_output_analysis_list()` without using the provided `open_id` argument for scoping or access control in this script. In a child-monitoring context, historical video-analysis records can contain sensitive biometric or behavioral data, so an unjustified listing feature increases privacy and unauthorized data access risk.

Context-Inappropriate Capability

Medium
Confidence
84% confidence
Finding
This module creates and stores a local SQLite database under a workspace-derived path, which is broader than the stated real-time child fatigue-analysis purpose and introduces undisclosed persistence. In a skill processing children's video-related signals, unexpected local storage increases privacy and data-governance risk, especially if derived user data or identifiers are later written there.

Context-Inappropriate Capability

High
Confidence
93% confidence
Finding
The file defines a sys_user schema with username, email, birthday, age, sex, and token fields, which is substantially broader than what is needed for fatigue detection and includes sensitive personal data. In the context of monitoring children, collecting and storing such identifiers materially raises privacy, compliance, and misuse risk if the data is exposed or retained unnecessarily.

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
This utility implements a general-purpose outbound HTTP client with token handling, user identity propagation, and automatic account bootstrap behavior that is unrelated to the stated purpose of local child drowsiness/fatigue video analysis. In a skill handling children's classroom/home monitoring, hidden network capabilities materially increase data-exfiltration and unauthorized remote-service interaction risk, especially because requests are enriched with tenant, platform, and user identity data by default.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The code can automatically register or log in a user by calling a phone-login endpoint with a supplied username/mobile/openId, without any visible consent or justification tied to fatigue detection. Auto-provisioning accounts is dangerous because it can create unexpected remote identities, transmit personal identifiers, and expand the skill's privileges beyond passive local monitoring.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
Returning payment and recharge instructions from a utility used by a child fatigue-detection skill indicates hidden monetization/account coupling outside the declared function of the skill. While not code execution by itself, it signals that service-use gating and payment flows are embedded in unrelated logic, which can mislead operators and conceal backend dependencies and account state handling.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The default trigger is broad enough to activate on essentially any uploaded child video related to analysis, which can cause the skill to process sensitive biometric content without precise user intent. Because the subject is minors, accidental invocation materially raises privacy and consent concerns.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The history-query keywords are ambiguous and include phrases like sleep-health diagnosis reports, which may cause the skill to retrieve sensitive records in contexts broader than intended. This is especially risky where children's health-adjacent data and report links may be exposed based on loose keyword matching.

Missing User Warnings

High
Confidence
96% confidence
Finding
The workflow instructs users to submit videos and identifiers to a backend API but does not prominently warn that children's facial videos and associated identifiers may be transmitted off-device. For minors' biometric data, lack of explicit transmission notice undermines informed consent and creates significant privacy/compliance exposure.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The document describes continuous camera-based analysis of a child's face, eye state, head movements, and fatigue status without any explicit privacy warning, consent requirement, retention limit, or handling constraints for this sensitive monitoring data. In the context of minors in classrooms and homes, omission of these safeguards increases the risk of covert surveillance, over-collection, misuse of biometric/behavioral data, and noncompliant deployment.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
Documenting an endpoint to export a complete report without warning about sensitive-data exposure is dangerous because the report likely aggregates child video-derived behavioral metrics, timestamps, fatigue events, and summaries that can be easily redistributed or mishandled. Export functionality materially raises exfiltration and unauthorized sharing risk, especially when the subject is a child and the setting is a classroom or home.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation instructs clients to upload videos or provide public video URLs to a remote server using an API key, but it does not warn that highly sensitive biometric and potentially health-related data is being transmitted off-device. This omission undermines informed consent and safe deployment, particularly because the skill targets children in classrooms and homes where video monitoring is especially sensitive.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The code reads an arbitrary local video file into memory and sends it to a network-backed analysis API without any visible consent, warning, or confirmation in this path. Since the skill processes children's facial video, silent upload of local recordings creates a substantial privacy and compliance risk, especially for minors' biometric-like data.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The CLI requires `--open-id` and accepts values such as OpenID, user ID, username, or phone number, but provides no warning, minimization, or privacy guidance. In this skill's context, the identifier is tied to child fatigue monitoring data, making the collection of direct or quasi-direct identifiers especially sensitive and potentially regulated.

Missing User Warnings

Low
Confidence
80% confidence
Finding
The code silently creates a data directory and initializes a local database, causing undisclosed filesystem writes. In a child-monitoring skill, silent persistence is more dangerous because users may reasonably expect transient processing rather than background storage of potentially sensitive metadata.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The code executes a schema-altering ALTER TABLE operation automatically during initialization without disclosure or migration controls. Automatic hidden schema mutation can expand collected data fields and persist new categories of user data without informed consent or administrator review.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
HTTP requests can send user identifiers and multiple auth headers, while request bodies are also augmented with tenant code, platform, hub name, and username. In the context of a child-monitoring skill, undisclosed transmission of identity and authorization data is especially sensitive because it may expose children's or guardians' account context to external services without informed consent.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal