Driver Blink-Rate & Eye-Closure Fatigue Detection | 驾驶员眨眼频率与闭眼时长检测

Security checks across malware telemetry and agentic risk

Overview

This skill has a plausible driver-fatigue purpose, but it sends sensitive driver video and identifiers to remote services while also creating/storing account tokens and exposing unrelated health-analysis behavior.

Review this carefully before installing. It may upload driver face videos or video URLs to external LifeEmergence/SMYX services, link them to a username, phone number, or open-id, retrieve cloud report history, create or reuse an account silently, and store tokens locally. Install only if you have consent from the recorded drivers and are comfortable with the remote service, retention/reporting model, and dependency risk; ask the publisher to remove unrelated health-analysis outputs, replace the bad yaml dependency, document all data flows, and add explicit consent before uploads or history lookups.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (22)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 88%
Finding:
The skill invokes capabilities equivalent to environment access, file read/write, network, and shell execution, but does not declare them up front. That creates a transparency and consent gap: users may believe this is a simple local fatigue-analysis skill when it can save files, read configs, and send data to remote services. In this context, the data involved includes driver video and identifiers, which increases privacy and compliance risk.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 95%
Finding:
The documented purpose is narrow fatigue detection, but the behavior described by analysis includes generic remote AI submission, unrelated pet-type handling, account/login provisioning, local token storage, historical record retrieval, and report URL construction. That mismatch is dangerous because it conceals materially different data flows and account-related operations from users, making overcollection and unauthorized backend interaction more likely. Since the skill processes biometric-like driver video, hidden remote processing and account linkage materially elevate privacy and misuse risk.

Context-Inappropriate Capability

Severity: Medium
Confidence: 90%
Finding:
The skill instructs the agent to obtain an open-id from local configuration files before analysis, which expands scope from video analysis into credential or identifier harvesting. Reading local config to extract API keys or user identifiers can expose secrets unintentionally and enables cross-context access to account-linked backend data. In a multi-skill workspace, this is especially risky because it may pull identifiers not explicitly supplied for this task.

Context-Inappropriate Capability

Severity: Medium
Confidence: 84%
Finding:
The historical-report query feature is outside the core real-time fatigue-detection function and introduces access to stored cloud records. This broadens the skill from analysis into retrieval of prior reports, which may expose sensitive driver history, timestamps, and report links if triggered inappropriately or under the wrong identity. Because the trigger is tied to natural language rather than a stronger authorization step, the feature increases privacy risk.

Description-Behavior Mismatch

Severity: High
Confidence: 98%
Finding:
The documented API behavior does not match the skill’s declared purpose of blink-based driver-fatigue detection. Instead, it describes a generic video analysis endpoint that returns health/constitution and organ-condition inferences, which indicates scope mismatch and possible undisclosed secondary processing of driver video; this is dangerous because users and integrators may submit in-cabin facial video expecting a safety function while actually exposing subjects to unrelated sensitive biometric/health inference.

Context-Inappropriate Capability

Severity: High
Confidence: 97%
Finding:
The response schema includes broader physiognomy and health-diagnostic outputs unrelated to the stated driving-safety use case. In the context of an in-cabin driver monitoring skill, this greatly increases sensitivity because it enables covert inference of health-related attributes from drivers’ facial video beyond what is necessary for fatigue detection, creating privacy, compliance, and misuse risks.

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding:
The skill accepts arbitrary remote URLs for video input even though the stated purpose is in-cabin driver monitoring, which expands the trust boundary and can enable unintended analysis of external content. If the downstream analysis service fetches URLs server-side, this may be abused to process unauthorized third-party footage, hit internal resources, or bypass expected data-ingestion controls.

Context-Inappropriate Capability

Severity: Medium
Confidence: 84%
Finding:
The http_post/http_put/http_get/http_delete methods accept an arbitrary URL and forward requests directly, creating a generic network primitive inside a skill whose stated purpose is blink/fatigue detection. If higher-level code passes user-controlled or attacker-influenced URLs, this can enable unauthorized outbound communication, SSRF-style access to internal services, or covert data transfer beyond the skill's declared function.

Context-Inappropriate Capability

Severity: High
Confidence: 90%
Finding:
The file defines a generic user table containing username, email, birthday, and especially token/open_token fields, which are unrelated to the declared driver fatigue-detection purpose. Collecting and storing account-style credentials and personal data without clear functional need expands the attack surface and increases the consequences of local database compromise or unintended reuse.

Description-Behavior Mismatch

Severity: Medium
Confidence: 97%
Finding:
This utility performs broad authenticated HTTP interactions, injects tokens and user identifiers into requests, and contains logic for account lookup, token refresh, and persistence that goes far beyond a blink-fatigue detection skill's stated purpose. In this context, hidden general-purpose API access expands the attack surface and enables undisclosed data exchange or backend actions unrelated to driver-safety monitoring.

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding:
The code automatically invokes a phone-login flow with silent registration enabled, using a username/mobile/openId to create or retrieve accounts without any visible user approval. For a fatigue-detection skill, silent account provisioning is unrelated to core functionality and risks unauthorized account creation, identity misuse, and undisclosed transmission of personal identifiers.

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%
Finding:
The skill returns hardcoded payment and recharge instructions when a 402-like condition occurs, indicating monetization workflow coupling inside a safety-related utility layer. In a driver-fatigue context, mixing operational alerts with account-balance/payment prompts can mislead operators, hide service dependencies, and create unsafe failure modes where safety features stop working due to billing state.

Vague Triggers

Severity: Medium
Confidence: 86%
Finding:
A default trigger that activates on any uploaded driver video is too broad for a skill that uploads content for remote processing and may persist records. Overbroad activation increases the chance of accidental execution on sensitive footage without clear user intent, especially when the skill can save files locally and send data to backend services. In this domain, the data is highly sensitive because it contains identifiable in-cabin video.

Vague Triggers

Severity: Medium
Confidence: 82%
Finding:
Automatic triggering of historical-report queries based on broad phrases can cause retrieval of sensitive cloud records without sufficiently explicit intent. This is risky because a casual request to view reports may result in backend access, identity-linked data disclosure, and generation of report links. The presence of driver monitoring history makes accidental exposure more serious than in a low-sensitivity domain.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The skill description emphasizes safety functionality but does not clearly warn users that uploaded driver videos and report data are sent to remote services and fleet platforms. This omission undermines informed consent and can cause users to expose biometric and behavioral data without understanding the transmission, storage, and sharing implications. Given the sensitivity of in-cabin monitoring data, lack of disclosure is a meaningful privacy and compliance issue.

Missing User Warnings

Severity: Medium
Confidence: 79%
Finding:
The script requires `--open-id` and describes it broadly as an OpenID, user ID, username, or phone number, all of which can be sensitive identifiers, yet there is no disclosure about collection, storage, transmission, or retention. In a driver-monitoring/fleet context, this increases privacy risk because biometric-adjacent telemetry is being linked to an identifiable person.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The API accepts raw video uploads and public video URLs containing driver facial footage, but the documentation provides no warning or controls around privacy, consent, retention, third-party sharing, or secure transport/storage expectations. In a driver-monitoring context, these videos are highly sensitive biometric data, so missing handling guidance can lead to accidental overcollection, unauthorized exposure, or noncompliant deployment.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The response format returns health-related and diagnostic inferences without warning that the service may generate sensitive outputs. This is especially dangerous here because fleet or cockpit systems integrating the skill may unknowingly collect, display, store, or act on sensitive health-like assessments about drivers, creating significant privacy, discrimination, and regulatory risk.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding:
The skill reads arbitrary local files into memory and sends their contents to an external analysis service, but this code provides no user-facing disclosure, consent step, or destination transparency. In a video-based driver monitoring context, that can expose sensitive biometric footage and associated metadata to remote services without adequately informing the user.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding:
The skill accepts remote HTTP/HTTPS video URLs and forwards them for analysis without disclosing that network resources will be accessed and processed by a backend service. In this context, users may unknowingly cause third-party-hosted driver video to be fetched and analyzed, creating privacy, compliance, and data-governance risk.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The model stores token and open_token fields directly in the user table, suggesting sensitive credentials or bearer tokens may be persisted in plaintext. If the local SQLite database is accessed, copied, or exposed through logs/backups, these tokens could be reused for account or API compromise.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The request logic may transmit usernames, mobile numbers, tenant identifiers, API keys, access tokens, and authorization tokens to remote services, while the only visibility is debug logging rather than user-facing disclosure or consent. In a vehicle-monitoring skill that may already process sensitive telemetry, undisclosed identifier and credential transmission materially increases privacy and account-compromise risk.

VirusTotal

VirusTotal findings are pending for this skill version.
