Commuter After-Work Fatigue Care (Home-Arrival Moment) | 上班族下班疲劳关怀(回家时刻)

Security checks across malware telemetry and agentic risk

Overview

This skill has a coherent fatigue-monitoring purpose, but it handles highly sensitive home video, identifiers, cloud history, account creation, and local token storage with unclear user control.

Review before installing. This skill may send private living-room video/audio and personal identifiers to external services, create or log into an account silently, store local bearer tokens, and keep cloud-accessible analysis history. Install only if you trust the publisher and service, are comfortable providing an OpenID/username/phone number, and have clear retention, deletion, consent, and account-control expectations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (25)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
if filters:
    for key, value in filters.items():
        query = query.filter(getattr(self.__model__, key) == value)

if offset:
    query = query.offset(offset)
Confidence
82% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
    if filters:
        for key, value in filters.items():
            query = query.filter(getattr(self.__model__, key) == value)

    return query.scalar()
finally:
Confidence
80% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
Requiring an open-id sourced from config files or from a user's phone number/username introduces unnecessary identity collection for a feature presented as home fatigue analysis. In this context, requesting account identifiers to query cloud history increases privacy risk and creates an avenue for unauthorized account linkage or access to personal reports.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The skill expands from immediate fatigue-care assistance into longitudinal tracking, weekly summaries, and historical report retrieval, which materially broadens the scope of data processing. For a system analyzing sensitive behavioral and audio/video-derived wellness signals, silent scope expansion increases privacy exposure and user surprise.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The documentation introduces external API calls and remote downloading of video URLs, which means highly sensitive home video may leave the local environment despite the skill being presented as an in-home analysis function. This is particularly dangerous because users may not expect cloud transfer of living-room footage and associated behavioral inferences.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The script exposes a history-listing function keyed only by a supplied user identifier, which expands the capability from real-time fatigue detection into retrospective access to personal care records. In this smart-home mental-health context, those records can reveal behavior patterns, stress/fatigue state, and presence-at-home timing, making unauthorized enumeration or retrieval a meaningful privacy risk.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
Accepting broad identifiers such as phone numbers, usernames, or OpenIDs to access records increases the chance of account lookup, record retrieval, or correlation against sensitive household wellness data. Because the skill monitors post-work fatigue in the home, misuse could expose intimate behavioral and mental-state information tied to a real person.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The documented endpoint processes uploaded videos or public video URLs and returns face-derived health-style outputs such as constitution, organ condition, and complexion analysis, which materially exceeds and contradicts the stated fatigue-care purpose. In a smart-home skill that auto-activates when a user comes home, this mismatch creates a serious risk of undisclosed secondary use of sensitive biometric and inferred health data, potentially enabling over-collection, deceptive processing, or integration with an unrelated third-party analysis service.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The implementation accepts arbitrary local file paths and remote HTTP/HTTPS video URLs for analysis, which is materially broader than the declared fixed smart-home camera homecoming use case. This expands the skill into a general-purpose surveillance/file-upload interface and can enable analysis of unintended or sensitive third-party content without scope controls or scenario-specific authorization.

Description-Behavior Mismatch

Low
Confidence
84% confidence
Finding
The code exposes report listing and report export URL generation beyond the manifest's described real-time fatigue detection and comfort prompts. Even if not directly exploitable in this file alone, undocumented report retrieval features increase data exposure surface for sensitive analysis outputs and may enable broader access to prior reports than users expect.

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
The file defines a persistent user table containing username, email, birthday, age, sex, token, and open_token, which is not necessary for detecting post-work fatigue and playing supportive messages. Collecting and storing identity and authentication-like tokens in a smart-home camera/speaker feature creates excessive surveillance and privacy exposure, especially given the intimate in-home context described by the skill.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The file adds a general-purpose `ai_chat` capability that is unrelated to the stated commuter-fatigue care function, expanding the skill's scope beyond simple local detection and speaker output. Even though the subprocess execution is currently stubbed out, this creates an unnecessary high-risk extension point for arbitrary prompt handling and future agent/tool invocation in a smart-home context.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
This utility code performs remote account lookup/creation, token acquisition, and credential persistence that are unrelated to the stated fatigue-care function of analyzing post-work fatigue in a smart-home setting. That creates an unnecessary identity and authentication surface, enabling silent enrollment of users and backend access using usernames/mobile numbers without clear consent, which is especially risky in a home-monitoring skill already handling sensitive behavioral data.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The helper `_get_or_create_user` can silently register or log in a user from a supplied username/mobile by calling `/sys/phoneLogin` with `register: 1` and `silent: 1`. This is dangerous because it enables unauthorized account creation or impersonation workflows tied to phone identifiers, with no evidence here of user verification, consent, or purpose limitation.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The auto-trigger conditions are broad enough that uploaded videos or certain keywords may invoke analysis or history-query behavior without clear, deliberate user intent. In a skill processing intimate in-home monitoring data, ambiguous activation increases the chance of accidental collection, upload, or querying of sensitive information.

Missing User Warnings

High
Confidence
95% confidence
Finding
The skill lacks a prominent warning that it performs sensitive camera/audio monitoring and may query cloud-backed history, despite deriving wellness-related inferences from private home environments. Without clear upfront warning and consent, users cannot make an informed decision about surveillance and data sharing risks.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The CLI collects a highly sensitive identifier and even suggests it may be a phone number, but provides no notice about storage, transmission, retention, or how the identifier is used. In a home-surveillance wellness skill, combining identity with fatigue-analysis records materially raises privacy and profiling risks.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The tool accepts remote video URLs for analysis without warning that external content may be fetched or transmitted, which can surprise users and expose private in-home footage to unintended networks or services. Given the content involves fixed-camera recordings inside living spaces, undisclosed remote handling is especially sensitive.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The documentation instructs clients to upload MP4 videos or provide publicly accessible video URLs containing facial and behavior data, yet gives no warning, consent flow, retention notice, or safeguards for transmitting highly sensitive biometric and health-adjacent information. In this skill’s context—continuous home-camera observation immediately after the user returns home—silent external transmission is especially dangerous because it captures intimate in-home behavior and can expose users to surveillance, data leakage, or misuse by the API provider.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The function reads full local file contents into memory and sends them to the analysis service, but this code shows no user notice, consent prompt, or disclosure that personal video data will be uploaded. In the context of a smart-home fatigue-monitoring skill handling intimate in-home footage, silent transmission materially raises privacy and compliance risk.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The CLI requires an `--open-id` that may be a phone number, username, or other directly identifying value, and the skill context involves highly sensitive in-home fatigue and emotional-state analysis from camera/audio data. Even though this file does not itself show the network call, it passes the identifier into downstream analysis/list APIs without any visible consent flow, minimization, pseudonymization, or privacy warning, creating a meaningful privacy and compliance risk if data is transmitted or logged externally.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The code automatically creates a local SQLite database on initialization without any visible consent, notice, or data-governance controls. In a smart-home fatigue-monitoring skill that observes behavior inside the home, silent local persistence materially increases privacy risk because users may not expect any database to be created at all.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The DAO executes an ALTER TABLE automatically at startup, silently modifying persisted user-data schema. Automatic schema changes without migration controls, version checks, or user/admin notice can break data integrity and expand personal-data collection over time without transparency, which is particularly problematic for an in-home monitoring feature.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The code transmits `openId`, `mobile`, and source metadata to a remote login endpoint without any user-facing disclosure in this file. In the context of a smart-home fatigue-care skill, sending identifiers off-device expands privacy risk because it couples sensitive in-home behavioral monitoring with external identity processing.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The code stores retrieved authentication tokens locally via the DAO without any indication of user notice, consent, encryption, or secure storage controls. Persisting bearer tokens increases the risk of account takeover or backend misuse if the local environment, logs, or storage layer is compromised.

VirusTotal

VirusTotal findings are pending for this skill version.
