Elderly Loneliness Detection & Warm Companionship | 独居老人孤独情绪识别与温暖陪伴

Security checks across malware telemetry and agentic risk

Overview

This elder-care monitoring skill may be legitimate, but it needs review because it processes private video, retrieves cloud history reports, silently provisions backend accounts, stores tokens locally, and contains mismatched analysis artifacts.

Review carefully before installing. Confirm the publisher and API operator, require explicit consent from the monitored elder and authorized caregivers, avoid raw phone numbers when possible, and assume private video plus behavioral reports may be sent to remote services. The package should make account creation explicit, remove unrelated medical/pet artifacts, narrow history access, fix the dependency issue, and add clear retention, deletion, and authorization controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (23)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
            if filters:
                for key, value in filters.items():
                    query = query.filter(getattr(self.__model__, key) == value)

            if offset:
                query = query.offset(offset)
Confidence
76% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
            if filters:
                for key, value in filters.items():
                    query = query.filter(getattr(self.__model__, key) == value)

            return query.scalar()
        finally:
Confidence
74% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The skill directs the agent to read local configuration files to obtain an api-key and repurpose it as an open-id, which is unrelated to core video analysis and risks secret exfiltration or credential misuse. Reading workspace config files expands the trust boundary from user-provided inputs to local sensitive files without clear necessity or consent.

Context-Inappropriate Capability

Medium
Confidence
85% confidence
Finding
The added cloud history-report query feature materially expands the skill from real-time companionship support into retrospective data retrieval, increasing exposure of sensitive behavioral monitoring records. In this context, history access can reveal intimate patterns about an elderly person's daily life and emotional state beyond what users may expect from a single analysis request.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The documented API behavior is materially inconsistent with the stated purpose of the skill. Instead of loneliness-behavior analysis, it sends elderly users' videos to a generic remote service that returns face detection and quasi-medical inferences such as constitution and organ condition, indicating scope creep, possible hidden processing, and unauthorized sensitive biometric/health profiling.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
Inferring facial, constitutional, or organ-condition information from room video is highly sensitive processing that is unjustified for a companionship/loneliness skill. In this context, the users are elderly people in private spaces, so collecting or deriving extra health attributes creates substantial privacy, consent, and misuse risks beyond the advertised function.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The file exposes add, edit, and delete record-management operations for analysis entities even though the skill description presents the capability as video analysis and automated companionship interventions. This creates a hidden expansion of authority: if these methods are reachable by the agent or a caller, they could modify or delete camera- or analysis-related records without users expecting administrative write access, which is especially sensitive in an elderly-monitoring context.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The manifest describes analysis of fixed-camera feeds in controlled elderly-care settings, but this code also accepts arbitrary HTTP/HTTPS video URLs. That broadens the data source beyond the declared use case and can enable analysis of externally hosted or unintended surveillance content, increasing privacy, consent, and policy-bypass risk. In a skill processing highly sensitive in-home video, accepting arbitrary URLs is more dangerous than in a generic media tool.

Description-Behavior Mismatch

Low
Confidence
78% confidence
Finding
The skill exposes generic report listing and export-link generation features that are not described in the loneliness-monitoring manifest. In a system handling intimate behavioral analysis of elderly individuals, enumerating reports and exposing export URLs can increase unauthorized access or secondary sharing risk if upstream access control is weak or omitted. The mismatch between declared purpose and implemented capabilities is itself a security/privacy concern.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
This file exposes a generic API wrapper with broad add/edit/delete and raw HTTP methods that are not constrained to the elderly-loneliness workflow described in the skill manifest. In a privacy-sensitive monitoring skill, such unrestricted network primitives expand the capability surface and can be reused by other components to send, modify, or delete arbitrary remote data, increasing the risk of data exfiltration or unauthorized backend actions.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The raw http_post/http_put/http_get/http_delete methods allow arbitrary outbound requests with caller-controlled URLs, which is unjustified by the stated purpose of detecting loneliness and triggering predefined companionship actions. Because this skill processes highly sensitive in-home elder monitoring data, arbitrary outbound connectivity materially raises the risk of covert transmission of behavioral or video-derived data to unapproved external services.

Context-Inappropriate Capability

High
Confidence
95% confidence
Finding
The utility layer contains hidden account provisioning and login behavior that is unrelated to the declared loneliness-analysis purpose. It can silently create or recover user accounts, persist tokens, and couple unrelated identity flows into any caller of the HTTP helper, expanding the attack surface and enabling unauthorized account actions or backend access if identifiers are attacker-controlled.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The HTTP helper converts a backend status into a payment-skill upsell message, which is unrelated to the stated emotional-support function. This is risky because a shared utility can steer users into installing or using other skills based on server responses, creating undisclosed cross-skill coupling and potential manipulation of user actions.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill describes continuous in-home camera/audio monitoring and automatic notifications to family, but does not present an upfront, prominent warning about the surveillance and third-party disclosure involved. In a private home or nursing-room setting, this omission is especially dangerous because it affects highly sensitive health-adjacent and intimate behavioral data of a vulnerable population.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The default trigger is broad enough to activate on ordinary elderly-care video requests, which may route users into sensitive monitoring and external processing they did not explicitly request. Overbroad invocation raises the chance of unintended collection, upload, and analysis of private household footage.

Missing User Warnings

High
Confidence
95% confidence
Finding
The instructions state that uploaded files are automatically saved locally and remote URLs are sent to an external API, but they do not provide an upfront privacy/security warning or user choice. This is dangerous because private in-home footage may be persisted or transmitted off-device without informed consent, increasing risk of leakage or misuse.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill asks users to provide a username or phone number as open-id without a clear warning that these are personal identifiers tied to sensitive monitoring records. In this context, collecting identifiers linked to loneliness reports can enable profiling, unauthorized lookups, or cross-account exposure if mishandled.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The API documentation tells integrators to upload video files or public video URLs to a remote server but provides no warning that sensitive in-home footage and face data are being transmitted off-device. For an elderly-monitoring skill in private residences or rooms, this omission increases the likelihood of uninformed deployment, improper consent, and insecure handling of highly sensitive personal data.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
This code reads local video files into memory and sends them to a remote analysis service without any in-code user-facing notice, consent prompt, or disclosure of transfer/retention. Because the skill operates on highly sensitive bedroom/home footage of elderly people and infers mental-emotional state, undisclosed upload materially elevates privacy and compliance risk. The context makes this more severe than a normal media-processing upload.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The CLI requires an --open-id and stores it in a global runtime variable before invoking analysis/list operations, but it provides no user-facing notice about how this identifier will be used, stored, or transmitted. In the context of elderly-care monitoring, identifiers may map directly to highly sensitive health and behavioral data, increasing privacy and compliance risk if users or operators are unaware of disclosure.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The code invokes remote analysis through skill.get_output_analysis on a local file path or URL, yet the interface does not clearly disclose that video content may be uploaded or otherwise sent to a service for processing. Because this skill handles continuous in-home video of elderly individuals and infers mental-state signals such as loneliness, undisclosed remote submission creates substantial privacy, consent, and surveillance risks.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
Enabling HTTPConnection and urllib3 debug logging can expose full request and response metadata, and often bodies, into logs. In this codebase, requests may carry authentication tokens, user identifiers, and potentially sensitive elderly-care data, so debug mode materially increases the chance of credential and privacy leakage.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This code automatically sends usernames, open IDs, tenant metadata, skill identifiers, and authentication tokens in outbound requests without any visible consent or minimization. In the context of an elderly monitoring skill handling highly sensitive behavioral data, undisclosed network transmission increases privacy, compliance, and account-compromise risk.

VirusTotal

66/66 vendors flagged this skill as clean.
