Elderly Loneliness / Depression-Tendency Behavior Analysis | 老年人孤独/抑郁倾向行为分析

Security checks across malware telemetry and agentic risk

Overview

This skill handles highly sensitive in-home elder video and mental-health-adjacent reports, but its cloud access, identifier handling, token storage, and documented analysis scope are not clearly bounded enough for ordinary installation.

Install only after a careful review of data handling. This skill should be treated as a cloud-connected surveillance and health-adjacent analysis tool: verify the service operator, replace the unresolved `yaml` dependency with the intended package, require explicit consent from the monitored person, use only authorized first-party videos, avoid phone numbers as identifiers, and confirm how videos, tokens, history reports, and exported report links are stored, deleted, and access-controlled.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Behavioral ASTexec() Call, eval() Call, Dynamic Import
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (23)

Dynamic attribute access via getattr()

Low

Category: Dangerous Code Execution
Content: if filters: for key, value in filters.items(): query = query.filter(getattr(self.__model__, key) == value) if offset: query = query.offset(offset)
Confidence: 84% confidence
Finding: query = query.filter(getattr(self.__model__, key) == value)

Dynamic attribute access via getattr()

Low

Category: Dangerous Code Execution
Content: if filters: for key, value in filters.items(): query = query.filter(getattr(self.__model__, key) == value) return query.scalar() finally:
Confidence: 84% confidence
Finding: query = query.filter(getattr(self.__model__, key) == value)

Description-Behavior Mismatch

Medium

Confidence: 89% confidence
Finding: The skill expands from analyzing a provided video into querying cloud history and listing prior reports for any supplied open-id. This creates a cross-session data access surface for sensitive mental-health inferences about elderly users, increasing the risk of unauthorized access, profiling, or disclosure if identifiers are guessed, reused, or mishandled.

Context-Inappropriate Capability

High

Confidence: 94% confidence
Finding: The skill instructs reading local/shared configuration files to obtain an open-id or API credential before analysis, even from workspace-wide paths. This can expose unrelated secrets or user identifiers from shared files and repurpose local credentials for remote API actions unrelated to the immediate uploaded video.

Context-Inappropriate Capability

Medium

Confidence: 84% confidence
Finding: Automatically saving uploaded attachments and videos to local storage broadens processing beyond transient analysis, especially for highly sensitive in-home footage of elderly individuals. Persistent local copies increase the risk of later leakage, unauthorized reuse, or accidental retention without the user's informed consent.

Intent-Code Divergence

High

Confidence: 98% confidence
Finding: The documented endpoint behavior materially conflicts with the skill’s declared purpose: instead of detecting loneliness/depression indicators such as dazing, sighing, self-talking, and emotional risk, it returns face detection and traditional health/constitution diagnostics. This kind of capability mismatch is dangerous because it can mislead integrators and users about what data is collected and what inferences are produced, enabling undisclosed biometric/health analysis under the cover of a mental-health monitoring skill.

Context-Inappropriate Capability

High

Confidence: 95% confidence
Finding: Allowing analysis of arbitrary public video URLs is not justified by the stated home-camera elderly-care use case and broadens the system into a general-purpose remote video analysis service. In the context of a skill that already processes sensitive footage of elderly individuals, this expands surveillance and misuse potential, including analysis of non-consenting third-party videos for face or health-related inference.

Description-Behavior Mismatch

High

Confidence: 99% confidence
Finding: The response schema documents face detection and health/constitution diagnosis rather than the advertised loneliness/depression behavior metrics and risk alerts. This is a serious transparency and scope-control failure: consumers may deploy the skill believing it performs limited emotional-risk monitoring while it actually exposes biometric and health-style inferences, especially sensitive given the elderly home-monitoring context.

Context-Inappropriate Capability

Medium

Confidence: 90% confidence
Finding: The skill description focuses on analyzing elderly users' emotional-risk signals from fixed cameras, but this client also exposes a delete operation that removes a camera/resource by serial number. In a surveillance and mental-health context, unauthorized deletion could disable monitoring, destroy operational records, and interrupt safety-related alerts for a vulnerable population.

Description-Behavior Mismatch

Medium

Confidence: 82% confidence
Finding: The code accepts arbitrary http/https video URLs and forwards them for analysis, expanding the data-ingestion scope beyond the described fixed-camera/home deployment model. In a surveillance/mental-health context, this can enable analysis of third-party or non-consensual videos, and may also cause backend requests against attacker-controlled URLs without any evident allowlist, ownership check, or consent gate.

Description-Behavior Mismatch

Medium

Confidence: 82% confidence
Finding: The script exposes a history-listing function via `show_analyze_list(open_id, ...)` that retrieves prior analysis results for a supplied user identifier, but this capability is not reflected in the stated skill behavior, which describes per-video analysis and daily reporting. Hidden or under-documented data-access features are risky because they can expand access to sensitive mental-health inferences without clear user consent, authorization checks, or operator awareness.

Context-Inappropriate Capability

Medium

Confidence: 88% confidence
Finding: The `--open-id` parameter is described as accepting broad identifiers including phone numbers, which increases the chance that highly sensitive report history could be queried using guessable or reusable identifiers. In a skill handling elderly users' inferred emotional and mental-health status, using weak or overbroad identifiers materially raises privacy and unauthorized-access risk.

Context-Inappropriate Capability

Medium

Confidence: 78% confidence
Finding: This model stores token and open_token fields in a local SQLite database without any visible encryption, hashing, access control, or minimization. Storing authentication-style secrets for a mental-health monitoring skill without clear necessity increases the damage from local file compromise, backup leakage, or accidental exposure, especially given the sensitive elderly-health context.

Description-Behavior Mismatch

High

Confidence: 95% confidence
Finding: This utility is far broader than the skill’s stated purpose of local elderly video-behavior analysis: it performs authenticated outbound API calls, attempts login/registration, injects user metadata into requests, and persists tokens. In a sensitive health-monitoring context, this creates an unjustified data-exfiltration and account-coupling channel that could transmit identifiers, health-related context, or enable remote actions outside user expectations.

Context-Inappropriate Capability

High

Confidence: 98% confidence
Finding: The helper automatically sends a username/mobile/openId to an external health endpoint and may create or log in an account without a clear user action. That is dangerous because it can silently disclose personal identifiers and establish external accounts/tokens for monitored individuals or operators, which is especially sensitive in an elderly mental-health setting.

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The skill does not clearly warn users that uploaded home-camera videos may be persistently stored locally. Because the content involves intimate household monitoring and mental-health inference about elderly people, lack of clear notice materially undermines informed consent and increases privacy harm.

Missing User Warnings

High

Confidence: 95% confidence
Finding: The skill omits a clear warning that remote video URLs, open-id values, and report queries are sent to a cloud/API service. In a context involving elderly household surveillance and emotional-risk reporting, undisclosed transmission of identifiers and sensitive observations to remote services creates substantial privacy, compliance, and data-governance risk.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The API documentation describes continuous in-home video and optional audio monitoring of elderly people in private spaces, plus report export, without explicit requirements for informed consent, retention limits, access controls, or secure handling of exported reports. In this context, the omission is dangerous because the system processes highly sensitive behavioral and mental-health-adjacent data in bedrooms/living rooms, creating substantial privacy, surveillance, and misuse risk if implemented as documented.

Missing User Warnings

Medium

Confidence: 86% confidence
Finding: This script collects a sensitive identifier (`open-id`, which may be a username or phone number) and performs highly sensitive behavioral/mental-health inference from home video without any visible consent flow, privacy notice, retention controls, or minimization safeguards. In the context of elderly in-home monitoring for depression/loneliness, this materially increases privacy and compliance risk because misuse or unauthorized processing could expose intimate health-related inferences and personally identifiable information.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill reads local video files into memory or submits remote video URLs to an analysis service without any visible user-facing notice, consent confirmation, or data-handling disclosure. Because the content involves in-home monitoring of elderly individuals and mental-health inference, undisclosed transfer of this sensitive audiovisual data materially increases privacy, compliance, and misuse risk.

Missing User Warnings

Medium

Confidence: 85% confidence
Finding: The CLI accepts sensitive identifiers such as phone numbers and forwards them to the backend analysis workflow without any visible privacy notice, minimization, or warning. Given that the skill processes intimate in-home video and derives mental-health risk signals for elderly people, silent transmission of such identifiers increases privacy, compliance, and misuse concerns.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The request layer attaches tokens and user identifiers to outbound requests and auto-populates fields such as pnaUserName, tenantCode, and skill metadata without any evidence of user-facing notice in this code. In a mental-health monitoring skill, undisclosed transmission of identity and authorization data materially increases privacy and compliance risk.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: This helper sends phone/openId data to a remote endpoint for silent login/registration, with flags like silent and register indicating the operation can occur automatically. For elderly loneliness/depression monitoring, that creates a serious privacy issue because personal identifiers are transmitted and linked to an external service without visible in-file safeguards or notice.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal