Driver Facial Flushing / Sweat Abnormality Detection

Security checks across malware telemetry and agentic risk

Overview

This driver-health video skill has plausible functionality, but it sends sensitive driver video and identifiers to remote services with unclear consent, broad history/report access, silent account/token handling, and code-domain mismatches.

Install only after verifying the publisher and backend service, replacing the `yaml` dependency with the intended package, and confirming written controls for driver consent, video upload/retention, fleet sharing, historical report authorization, URL validation, and secure token storage. Treat this as unsuitable for production or fleet use until those safeguards are explicit and testable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (23)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
if filters:
    for key, value in filters.items():
        query = query.filter(getattr(self.__model__, key) == value)

if offset:
    query = query.offset(offset)
Confidence
81% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
    if filters:
        for key, value in filters.items():
            query = query.filter(getattr(self.__model__, key) == value)

    return query.scalar()
finally:
Confidence
81% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Context-Inappropriate Capability

Medium
Confidence
84% confidence
Finding
The skill includes a cloud historical-report query function that exceeds the described real-time monitoring use case. In a driver-health context, this broadens access to sensitive historical health-related events and may expose more personal data than necessary for the immediate task.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The skill instructs reading local and workspace configuration files to obtain an open-id/api-key before analysis, which introduces credential discovery behavior unrelated to simple video analysis. This is dangerous because it can cause unauthorized access to secrets from shared directories and normalize secret harvesting from local environments.

Description-Behavior Mismatch

Medium
Confidence
80% confidence
Finding
The skill claims real-time in-cabin visual analysis but only documents delegation to an external API script rather than implementing or clearly describing the remote processing model. This is dangerous because users may believe processing is local when sensitive biometric video is actually transmitted off-device to a third party.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The analysis method injects a `petType` parameter into a driver health monitoring workflow, which strongly contradicts the manifest and suggests code reuse from an unrelated pet-analysis skill. In a safety-sensitive DMS context, sending semantically wrong parameters can route requests to the wrong model, corrupt results, or silently disable health-risk detection, creating a real risk of missed alerts and unsafe operational decisions.

Intent-Code Divergence

High
Confidence
95% confidence
Finding
The inline comment explicitly says the code is adding a pet-type parameter, confirming a mismatch between implementation and declared driver health functionality. In a vehicle safety feature that may trigger or suppress medical-risk reminders, such cross-domain confusion is dangerous because it indicates the wrong business logic or model configuration may be deployed without obvious failure.

Description-Behavior Mismatch

High
Confidence
93% confidence
Finding
The documented API exposes a broad remote 'common-analysis' service that returns generalized constitution and organ-condition inferences unrelated to the skill's stated purpose of detecting driver flushing and sweating. This mismatch is dangerous because it suggests the skill may transmit sensitive driver video to an external service capable of performing additional health profiling beyond user expectations, creating scope creep, privacy risk, and possible undisclosed data use.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The API accepts arbitrary uploaded videos or public video URLs for remote analysis, which exceeds what is needed for an in-cabin real-time monitoring feature. That broader ingestion capability increases the chance of misuse, unauthorized third-party video processing, and expansion from local safety monitoring into general-purpose surveillance or health analysis.

Description-Behavior Mismatch

Medium
Confidence
85% confidence
Finding
The code accepts arbitrary http/https URLs and forwards them to the backend analysis service, which expands the skill from local in-cabin video processing to fetching remote content. This can introduce server-side request abuse, unexpected data ingestion, or policy/scope violations if the backend retrieves attacker-controlled URLs or analyzes videos outside the declared DMS context.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The model persists authentication-like tokens and personal profile data in a local SQLite database without any visible encryption, minimization, or access-control safeguards in this file. If the database file is read by another local process, copied from disk, or included in logs/backups, sensitive credentials and personal data could be exposed.

Description-Behavior Mismatch

Medium
Confidence
85% confidence
Finding
The skill manifest describes a narrowly scoped driver-monitoring capability, but the code exposes a generic `ai_chat(prompt, session_id, timeout)` interface intended to call an external agent with arbitrary prompts. That mismatch expands the skill's effective capability beyond its declared purpose, creating a confused-deputy and policy-bypass risk if other components invoke it for unrelated tasks.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
This utility code performs remote phone-login/account creation, retrieves tokens, and persists them locally, which is unrelated to the stated in-cabin video health-monitoring purpose. In a driver-monitoring skill, silently creating backend accounts and storing authentication material expands the trust boundary and can expose user identifiers and tokens to unauthorized backend use, account misuse, or privacy violations.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The code automatically performs remote phone-login and account registration using a username/mobile/openId without any evident user confirmation in this path. For a DMS-based health reminder skill, this is unjustified and dangerous because it can create or access backend identities silently, exposing personal identifiers and enabling unintended account linkage or backend actions.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The default trigger activates on broadly defined uploaded driver-face videos, which can cause the skill to run on sensitive biometric content without sufficiently specific user intent. In this context, unintended activation increases privacy risk because driver video may be processed, stored, or uploaded automatically.

Vague Triggers

Medium
Confidence
76% confidence
Finding
The auto-trigger keywords for historical report queries are broad and ambiguous, making unintended access to sensitive health-event history more likely. In a fleet setting, this could expose driver-specific historical records to users who did not clearly request them.

Missing User Warnings

High
Confidence
95% confidence
Finding
The skill description emphasizes health monitoring but does not clearly warn users that driver video and identifiers may be transmitted to a cloud API and fleet-management platform. This is especially dangerous because the data includes biometric and health-adjacent information, creating significant privacy, compliance, and consent risks.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill specifies automatic local saving of uploaded files without a clear user-facing notice on retention, storage location, or cleanup. For biometric driver video, silent persistence increases the chance of unauthorized access, over-retention, and accidental exposure on shared systems.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The API documentation includes functionality to export full reports and describes uploading events to a fleet-management platform, but it does not mention consent, notice, data minimization, retention, access control, or any privacy restrictions. In this skill's context, the data concerns inferred health-related conditions from in-cabin facial video, which is particularly sensitive; undocumented or unbounded export/sharing materially increases the risk of privacy violations, misuse by fleet operators, and noncompliance with data-protection requirements.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script accepts arbitrary remote URLs for video analysis without any visible validation, restriction, or disclosure. In skill context, this can lead to server-side fetching of attacker-controlled URLs, creating SSRF-style risk, unexpected outbound network access, or transmission of sensitive driver video to external locations without clear user awareness.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation describes uploading driver video and transmitting analysis data to an external API without any privacy notice, retention policy, consent flow, or handling restrictions. Because the content concerns in-cabin facial video and health-related inference, the absence of transparency and safeguards materially increases privacy, compliance, and data misuse risk.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The skill reads full local video contents or forwards a remote video URL to an analysis API without any visible consent, privacy notice, or data-handling disclosure in this code path. Because the content is driver facial video and health-related inference data, silent transmission increases privacy and compliance risk and may cause users to disclose sensitive biometric/health information unintentionally.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This code transmits user identifiers and authentication tokens in HTTP requests and may create accounts without any user-facing warning or confirmation in the shown logic. In the context of a driver health-monitoring skill that processes sensitive in-cabin data, undisclosed transmission and token handling materially increase privacy and compliance risk even if transport uses HTTPS.

VirusTotal

VirusTotal findings are pending for this skill version.