ClawHub

Child Focus / Distraction Period Analysis | 儿童专注度与走神时段分析

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill handles sensitive child-monitoring videos and identifiers, but its remote processing, account/token storage, history export, and unrelated health-service coupling are too broad and under-disclosed for automatic installation.

Install only after the publisher clearly documents where child videos and identifiers are sent, how long reports are retained, who can retrieve or export them, how tokens are protected, and why health-service login and health-style analysis fields are present. Avoid using real children's footage, phone numbers, or local API keys with this skill until those issues are resolved.

SkillSpector (24)

By NVIDIA

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The skill expands from immediate video analysis into cloud-backed storage and history retrieval tied to an identifier, which is a materially broader data use than the headline feature suggests. Because the records concern minors' behavior and study habits, centralizing and later retrieving them increases privacy exposure and secondary-use risk.

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
Requiring collection of an open-id from config files or from a username/phone number for analysis and history access introduces unnecessary identity linkage for a child-monitoring workflow. This is dangerous because it expands the scope from processing a video to tying sensitive behavioral reports to persistent personal identifiers, increasing the chance of account misuse or unauthorized disclosure.

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
Automatically saving uploaded videos to local files broadens the data lifecycle beyond transient analysis and creates an unnecessary at-rest copy of sensitive recordings of children. Local persistence increases the risk of leakage through other tools, backups, improper cleanup, or unintended later access.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The documented endpoint and response schema do not match the stated child focus analysis purpose. Instead of attention metrics, it returns health/physiognomy-style outputs such as constitution, organ condition, and complexion inferences, which indicates either repurposing of an unrelated surveillance/diagnostic API or deceptive documentation. In the context of monitoring children via camera, this is especially dangerous because it expands processing into sensitive health-like profiling without clear consent, necessity, or relevance to the advertised function.

Description-Behavior Mismatch

Medium
Confidence
84% confidence
Finding
The skill metadata describes focus analysis, reporting, and alerts, but this API wrapper also exposes generic record-management methods such as add, edit, and delete. That mismatch expands the skill’s effective capability beyond its declared purpose, creating an unnecessary attack surface and enabling unauthorized modification or removal of camera-related records if higher layers invoke these methods.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The code provides edit() and delete(cameraSn) operations against camera-related resources even though the stated skill purpose is behavioral analysis of study sessions. In a child-monitoring context, the ability to alter or delete camera/device records can disrupt monitoring, tamper with evidence/history, or be abused to affect enrolled devices without clear user expectation.

Context-Inappropriate Capability

Medium
Confidence
83% confidence
Finding
The code accepts arbitrary remote video URLs and passes them to downstream analysis without any visible allowlisting, scheme restriction, or validation. In a child-monitoring context, this broad input surface can enable misuse of the skill for unintended third-party surveillance content, and depending on downstream fetching behavior, may also create SSRF-style risk or cause the service to retrieve attacker-controlled resources.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
This file exposes generic HTTP helpers (http_get/http_post/http_put/http_delete plus add/edit/delete) that accept arbitrary URLs and arguments, creating a broad network-capable abstraction unrelated to the narrowly described child focus analysis behavior. In a privacy-sensitive child-monitoring skill, such unrestricted outbound request capability increases the risk of misuse for data exfiltration, hidden third-party communications, or future feature creep without clear controls.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The file defines persistent user-account storage and mutation logic even though the declared skill purpose is child focus analysis from camera input. In a child-monitoring context, collecting and retaining unrelated account/profile data expands the privacy attack surface and increases the consequences of compromise or misuse without clear necessity.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The model stores token and open_token values alongside child/user profile attributes without any visible encryption, hashing, scoping, or retention controls. If the local SQLite file is accessed by another process, copied, or exfiltrated, these credentials could enable unauthorized access to connected services and deepen privacy harm in a child-surveillance product.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The generic HTTP helper silently auto-registers or logs in a user against an external health-service endpoint, then retrieves and persists tokens in local storage. That behavior is unrelated to a child focus-analysis utility module and creates undisclosed account creation, credential handling, and cross-service data transfer risks; in a skill processing children’s study activity, this context makes the issue more sensitive.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The request utility injects payment and balance-handling behavior into a generic network path, including special-case account logic and recharge messaging. While not an exploit by itself, it is unrelated to the stated focus-analysis purpose and indicates hidden monetization/account coupling that can mislead users and expand the data/use surface beyond what is expected.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The default trigger is broad enough to activate on generic video/file-analysis requests, causing the skill to engage without clear user intent for child-focus monitoring. Overbroad triggering is risky here because it may route unrelated or sensitive videos into a workflow that uploads, stores, or links them to cloud-backed reports.

Missing User Warnings

High
Confidence
98% confidence
Finding
The description does not clearly warn users that children's study-area videos and associated identifiers may be sent to a remote API or cloud service. This omission undermines informed consent in a high-sensitivity context involving minors, behavioral monitoring, and potentially identifying account data.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The document specifies API key authentication for a system processing highly sensitive child video-derived behavioral data, but it provides no security or privacy handling requirements for collection, transmission, storage, access control, or retention. In this context, omission is dangerous because implementers may treat the API like a routine analytics service and inadequately protect children's biometric/behavioral data, increasing risk of unauthorized access, misuse, or noncompliant processing.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The export endpoint exposes a path for extracting complete child focus reports but the documentation gives no warning or constraints around authorization, secure export handling, or downstream sharing of the exported data. Because the reports contain sensitive child behavioral analytics and likely session history, an export feature materially increases the risk of bulk disclosure, oversharing, and regulatory/privacy harm if implemented without strict safeguards.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The API accepts direct video uploads and publicly accessible video URLs but provides no warning or controls around sensitive data handling, despite processing continuous video of children's study environments. This creates a significant privacy and security risk because users may transmit minors' biometric and behavioral data, as well as bystander and household information, without informed consent, safe transport assumptions, retention limits, or access restrictions.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The code reads an arbitrary local video file into memory and sends its contents to an external analysis service without any user-facing consent flow, disclosure, or visible minimization controls in this file. In the context of child-study-area monitoring, the uploaded video can contain highly sensitive personal data about minors, surroundings, and behaviors, making silent transmission materially risky from a privacy and compliance standpoint.

Missing User Warnings

Low
Confidence
82% confidence
Finding
The skill forwards user-supplied remote video URLs to an external analysis backend with no explicit warning or confirmation in this code. While less severe than direct local-file upload, it still enables processing of potentially sensitive child-monitoring footage by a third-party service without transparent disclosure, and may also cause the backend to retrieve attacker-controlled URLs depending on downstream implementation.

Missing User Warnings

Medium
Confidence
78% confidence
Finding
The CLI requires a highly sensitive identifier via --open-id and stores it in a global configuration value, but provides no notice about how it will be transmitted, retained, or protected. In a child-focused monitoring skill, handling identifiers tied to parents, teachers, or students without transparency increases privacy risk and can lead to accidental exposure through logs, process arguments, shell history, or downstream services.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The constructor automatically runs an ALTER TABLE against the local database on initialization, with no migration versioning, backup, prompt, or user disclosure. In a child-focused monitoring skill, silent schema mutation can unexpectedly create or modify personal-data storage and may break data integrity or expand retained data without informed consent.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The HTTP utility automatically appends identifiers, tenant metadata, username, API keys, access tokens, and authorization headers to outbound requests and may send arbitrary request data to external services. In a child-monitoring skill, silent transmission of behavioral or account-linked data without explicit disclosure or minimization materially increases privacy and security risk.

Ssd 3

High
Confidence
97% confidence
Finding
The skill directs retrieval and presentation of all historical child focus reports based on a user identifier, enabling broad disclosure of sensitive behavioral records in plain language. In the context of minors, such reports may reveal patterns of attention, routines, and school behavior, making unauthorized access particularly harmful.

Ssd 3

High
Confidence
99% confidence
Finding
The open-id acquisition flow tells the agent to read an api-key from local configuration and reuse it as a user identifier for report access, conflating a secret credential with an identity token. This is especially dangerous because it can exfiltrate local secrets and use them to access cloud-stored sensitive reports without the user's informed authorization.

Static analysis

Install untrusted source

Warn
Finding
Install source points to URL shortener or raw IP.

Dep not found on registry

Critical
Finding
1 package(s) referenced in dependency files do not exist on their public registries: yaml (pypi)

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal