ClawHub

Elderly Long-Term Immobility Monitoring (>12h) | 老年人长期静止(超12小时)监测

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill has a real elder-monitoring purpose, but it sends sensitive home video and identity data to cloud services with broad account, history, and health-analysis behavior that is not tightly scoped to immobility alerts.

Review this carefully before installing. Only use it if you trust the publisher and remote service with home surveillance video, elder-care reports, identity information, and local token storage. Confirm consent from the monitored person or their legal representative, avoid cameras in sensitive rooms, and require explicit approval before uploads, history queries, account creation, or report-link sharing.

SkillSpector (19)

By NVIDIA

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill advertises only an elderly immobility monitoring function, but the documented workflow invokes shell commands, reads local config files, writes local files, accesses environment/workspace paths, and communicates with remote services without any declared permission boundaries. This creates hidden capability expansion and weakens user/admin ability to assess what data the skill can access or exfiltrate, especially given the highly sensitive home-surveillance context.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The skill’s stated purpose is narrow, but its documented behavior includes identity collection/login, local token persistence, cloud report enumeration, and generic remote job handling unrelated to simple activity detection. This mismatch is dangerous because users may provide intimate in-home video expecting local safety monitoring while the skill actually performs broader account-linked cloud operations and stores identifiers/tokens.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The mandatory open-id retrieval flow instructs the agent to read local configuration files for API credentials and to query cloud services for history, which exceeds the stated monitoring purpose. Reading local config and reusing credential-like values as user identifiers can expose secrets or cause cross-user data access if misconfigured, especially in shared workspaces.

Description-Behavior Mismatch

Medium
Confidence
86% confidence
Finding
The documented behavior broadens the skill from current immobility analysis to historical report listing and report-link generation, creating additional data exposure paths beyond the core use case. In a home elder-care setting, prior reports may reveal routines, medical incidents, and occupancy patterns, making the extra data access materially sensitive.

Description-Behavior Mismatch

Medium
Confidence
79% confidence
Finding
The implementation delegates to a generic or pet-oriented analysis path (`skill.get_output_analysis` with `pet_type`-driven configuration) instead of an elderly immobility-specific pipeline. In this safety-critical context, that mismatch can cause false negatives or false positives in emergency detection, resulting in missed welfare alerts or inappropriate notifications during a medical emergency.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The documented API behavior is materially inconsistent with the skill’s declared purpose. Instead of only detecting prolonged inactivity for emergency alerting, it sends video to a generic remote analysis endpoint that performs face detection and produces health-style diagnostic outputs, indicating scope creep or hidden processing of highly sensitive data beyond user expectations.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
Inferring constitution, organ condition, complexion-based health meaning, and similar health-related conclusions from video is unrelated to long-term immobility monitoring and represents sensitive health profiling. In the context of an elder-care safety skill, this is especially dangerous because users may believe they are using a simple welfare-monitoring tool while the system performs unvalidated medical-style inference on biometric data.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The implementation accepts arbitrary local files or remote video URLs and forwards them to a generic analysis backend, then exposes generic report export/listing behavior. That is materially broader than the declared purpose of fixed-camera elderly immobility monitoring, creating a scope mismatch that can enable undeclared surveillance or processing of unrelated sensitive media.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The report-list rendering surfaces health and face assessment fields unrelated to no-activity alerting, indicating the skill may process or disclose biometric/health inferences beyond its stated function. In an elderly-home monitoring context, this expands collection and exposure of highly sensitive personal data, increasing privacy and compliance risk.

Description-Behavior Mismatch

Medium
Confidence
82% confidence
Finding
The file includes a generic user-account DAO and user profile persistence that are not clearly necessary for an elderly immobility monitoring skill. In a privacy-sensitive monitoring product, collecting and managing account data beyond the declared purpose expands the attack surface and increases the risk of unauthorized retention or misuse of personal data.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The User model stores authentication and profile-related fields including token, open_token, email, birthday, sex, and age, none of which are obviously required to detect long-term inactivity from cameras. In the context of a home-monitoring elder-care skill, unnecessary collection of sensitive personal and auth data materially raises privacy and account-compromise risk if the local database is exposed.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The default trigger condition is broad enough to auto-activate on general video-analysis requests involving elders or home video, which can cause unintended execution and data transfer. In this context, accidental processing of private residential surveillance footage is particularly sensitive and may occur without sufficiently informed consent.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill description does not clearly warn users that highly sensitive in-home surveillance footage may be uploaded or transmitted to a remote API service. This omission undermines informed consent and can lead to privacy violations, especially because cameras may cover bedrooms, living spaces, and other intimate areas of an elderly person’s home.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The document exposes a sensitive elderly-monitoring API surface, including result retrieval and full report export, but provides no privacy, authorization-scope, retention, or consent guidance despite handling highly sensitive in-home surveillance and wellness data. In this context, undocumented or weakly constrained access to report export and alert data could enable unauthorized disclosure of intimate behavioral information about vulnerable individuals.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation instructs clients to upload video files or provide public video URLs to a remote server, but does not warn that this may transmit sensitive biometric and health-related information off-device. For an always-on home monitoring skill focused on elderly residents, this omission increases privacy risk because the data may include faces, routines, medical episodes, and in-home activity patterns.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
This code sends user-supplied video files or URLs to an external analysis API without any visible warning, consent, or disclosure in the flow shown here. Because the skill processes continuous in-home elderly camera footage, undisclosed transfer of such data can expose intimate household activity and create serious privacy, legal, and trust harms.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The DAO automatically executes a schema-altering ALTER TABLE against sys_user during initialization, outside a managed migration path. Automatic database mutation at runtime can cause integrity problems, unexpected failures, and unauthorized data structure changes, especially in a sensitive elder-care system where reliability and auditability matter.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The request wrapper automatically attaches identity fields and authentication material, including tokens, API keys, and username-derived metadata, to outbound HTTP requests. In debug mode it also enables verbose HTTP logging and prints request context, which can expose sensitive credentials or personal identifiers to logs and operators, increasing the chance of leakage and unauthorized reuse.

Missing User Warnings

High
Confidence
98% confidence
Finding
The code performs automatic account lookup/creation by sending mobile number and openId-equivalent data to a remote endpoint without any visible consent, notice, or user-driven trigger. Because this skill operates in a sensitive elder-care context, silent transmission of personal identifiers can create privacy, compliance, and account-abuse risks if usernames are inferred, reused, or attacker-controlled.

Static analysis

Install untrusted source

Warn
Finding
Install source points to URL shortener or raw IP.

Dep not found on registry

Critical
Finding
1 package(s) referenced in dependency files do not exist on their public registries: yaml (pypi)

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal