Dementia Confusion / Disorientation Recognition and Orientation Soothing | 失智老人困惑/迷惘识别与定向安抚

Security checks across malware telemetry and agentic risk

Overview

This skill is a sensitive dementia-care monitoring tool, but its cloud identity, credential storage, and mismatched analysis code need careful review before installation.

Review before installing. Use only with documented consent from residents or legal representatives, facility notice, and a verified data-processing agreement. Confirm which remote endpoints receive video/audio and identity data, remove or justify the pet/generic health-analysis mismatch, avoid silent account registration, and require secure token storage and retention/deletion controls before deployment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (20)

Context-Inappropriate Capability

Medium (89% confidence)
Finding
The skill adds cloud history querying and caregiver/report distribution beyond the stated real-time detection and soothing function. In this context, expanding into longitudinal reporting increases exposure of sensitive behavioral records and creates additional pathways for unauthorized disclosure of dementia-related care information.

Context-Inappropriate Capability

Medium (95% confidence)
Finding
The skill instructs itself to search workspace configuration files for an API key/open-id credential, including shared directories outside the immediate skill scope. Reading credentials from broader workspace locations is dangerous because it can exfiltrate or misuse secrets unrelated to the current task, especially when combined with shell/network capabilities.

Description-Behavior Mismatch

Medium (88% confidence)
Finding
The skill evolves from optional audio/video analysis into mandatory user/account identification and cloud-backed record management. This broadening is risky because it ties sensitive health-adjacent monitoring data to persistent user identity, increasing privacy harm and the blast radius of any misuse or compromise.

Description-Behavior Mismatch

Medium (87% confidence)
Finding
This service exposes list, add, edit, and delete operations even though the skill description only covers real-time confusion detection and orientation prompting. In a dementia-care context handling sensitive camera/microphone deployments, undisclosed management APIs expand the attack surface and may enable unauthorized inventory or configuration changes if they are reachable through the skill.

Description-Behavior Mismatch

High (97% confidence)
Finding
The analysis request injects a petType parameter and includes a comment about adding pet-type behavior, which is inconsistent with a dementia-orientation skill. This strongly suggests code reuse or misbinding to the wrong backend/model, creating a risk that sensitive elder-care data is sent to an unintended analysis pipeline, causing privacy violations, incorrect outputs, or cross-domain data handling errors.

Intent-Code Divergence

High (94% confidence)
Finding
The inline comment explicitly states that a pet-type parameter is being added, directly contradicting the stated dementia-care purpose. In security review, this is a strong indicator of mismatched functionality or copy-pasted code, which is dangerous here because the system processes highly sensitive health-adjacent audio/video data and may route or classify it using the wrong service logic.

Description-Behavior Mismatch

High (97% confidence)
Finding
The API document describes a generic video-analysis endpoint that returns face detection and traditional health/constitution diagnosis results, which materially differs from the advertised dementia confusion/orientation functionality. This kind of scope mismatch is dangerous because integrators may unknowingly deploy a system that performs undisclosed biometric and health inference on vulnerable elderly subjects, creating privacy, consent, and compliance risks.

Context-Inappropriate Capability

High (98% confidence)
Finding
The documented response includes organ-condition, complexion, and health-warning inferences from video that are not justified by the skill's stated purpose of confusion detection and orientation soothing. Inferring health conditions from camera footage—especially for dementia patients—expands processing into highly sensitive medical territory and can enable unauthorized profiling, misdiagnosis, or deceptive overcollection of protected data.

Description-Behavior Mismatch

Medium (88% confidence)
Finding
The file persists generic user-account records, including identity and profile fields, that are not clearly necessary for the stated dementia confusion/orientation analysis function. In a high-sensitivity elder-care context, collecting unrelated personal data expands the privacy attack surface and increases harm from misuse, overcollection, or breach.

Context-Inappropriate Capability

Medium (93% confidence)
Finding
The User model stores token and open_token fields alongside personal profile data without any visible protection such as encryption, scoping, rotation, or access control. If these database contents are exposed, attackers could gain account or API access in addition to compromising sensitive resident-related personal information.

Description-Behavior Mismatch

High (96% confidence)
Finding
The shared HTTP utility performs account login/registration, token acquisition, and local token persistence, which is far beyond the stated purpose of a dementia confusion/orientation skill. In a healthcare-adjacent context handling vulnerable people, hidden identity provisioning and credential management increase the risk of unauthorized account creation, silent backend enrollment, and misuse of personal identifiers without informed consent.

Context-Inappropriate Capability

High (98% confidence)
Finding
The helper can automatically create or log in platform accounts using a username/mobile identifier via a background request. That capability is unjustified for a skill described as behavior monitoring and soothing, and could be abused to silently enroll residents, caregivers, or operators into remote systems using personal identifiers.

Context-Inappropriate Capability

Medium (93% confidence)
Finding
The code persists retrieved token and open-token values to storage through the user DAO, creating long-lived sensitive credentials outside the skill's stated functionality. Persisting tokens increases the blast radius of compromise, especially on shared devices or systems in care facilities where multiple staff may access the environment.

Missing User Warnings

High (96% confidence)
Finding
The skill involves continuous camera/microphone monitoring, voiceprint binding, behavioral inference, and remote/cloud interactions, but the description lacks a clear upfront privacy and data-use warning. In a dementia-care setting, this is especially dangerous because the subjects are highly vulnerable individuals and the data includes biometric and health-adjacent information with elevated consent and abuse risks.

Missing User Warnings

Medium (92% confidence)
Finding
The skill states that uploaded files are automatically saved locally and that historical reports are fetched from the cloud, but it does not clearly warn users about persistence and remote data access at the point of use. This can lead to unanticipated retention of sensitive elderly audio/video and behavioral incident records.

Missing User Warnings

Medium (93% confidence)
Finding
The API allows direct upload of videos or submission of public video URLs for analysis without any warning or safeguards around sensitive biometric, voice, and health-related data. In the context of dementia care, this is especially risky because the subjects are vulnerable individuals and the media may contain identifiable faces, speech, location, and behavioral-health signals, increasing the chance of privacy violations or unauthorized third-party disclosure.

Missing User Warnings

Medium (84% confidence)
Finding
The code uploads local video file contents or submits remote video URLs to an external analysis service without any visible consent prompt, privacy notice, minimization, or policy gating in this path. In the context of dementia care, the data is highly sensitive health/behavioral surveillance data and may include residents, caregivers, voices, identities, schedules, and location details, making undisclosed transmission materially risky from both privacy and compliance perspectives.

Missing User Warnings

Medium (91% confidence)
Finding
When debug mode is enabled, the code turns on low-level HTTP connection debugging and verbose urllib3 logging, which can expose request URLs, headers, bodies, and possibly authentication tokens or personal data in logs. In this skill's healthcare setting, those logs may contain especially sensitive resident, caregiver, or facility information, making disclosure more harmful.

Missing User Warnings

Medium (95% confidence)
Finding
The HTTP helper automatically attaches identity and authentication data such as App-Id, X-Access-Token, X-Api-Key, Authorization, tenant code, skill platform metadata, and pnaUserName to outbound requests. This broad transmission is not clearly tied to the disclosed dementia-orientation functionality and risks sending personal or credential data to remote services without transparency or minimization.

Missing User Warnings

Medium (97% confidence)
Finding
The automatic login/registration request transmits mobile/username/openId values to a remote endpoint without any visible user warning or consent check. Because the skill operates in a dementia-care scenario involving highly sensitive populations, silent transmission of personal identifiers is especially dangerous and can violate privacy expectations or regulatory obligations.

VirusTotal

65/65 vendors flagged this skill as clean.
