Elderly TV Watching & Sedentary Reminder | Association Between Elderly TV Viewing Duration and Sedentary Behavior

Security checks across malware telemetry and agentic risk

Overview

This skill has a plausible elderly-care purpose, but it sends sensitive in-home video to a remote service and includes under-disclosed account, token, report-history, and health-profiling behavior.

Install only if you are comfortable with home video of an elderly person being sent to a remote health-analysis backend, with reports stored and retrievable by open-id. Confirm informed consent from the monitored person or lawful guardian, avoid using real API keys as identifiers, and review how the backend stores, protects, and deletes videos, reports, account records, and tokens before deployment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (19)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
if filters:
    for key, value in filters.items():
        query = query.filter(getattr(self.__model__, key) == value)

if offset:
    query = query.offset(offset)
Confidence
81% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
    if filters:
        for key, value in filters.items():
            query = query.filter(getattr(self.__model__, key) == value)

    return query.scalar()
finally:
Confidence
81% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The documented behavior expands from real-time reminder analysis into cloud-based historical report retrieval and listing, including fetching prior records tied to an open-id. That broadens data access beyond the apparent primary function and can expose sensitive historical monitoring data without sufficiently narrow user intent verification.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to read local/workspace configuration files and extract an api-key to use as an open-id before proceeding. Reading secrets from local configuration and repurposing them as identifiers is dangerous because it enables credential harvesting and unauthorized API access from the execution environment.

Intent-Code Divergence

High
Confidence
96% confidence
Finding
The documented API is inconsistent with the stated purpose of a sedentary TV-watching reminder skill. Instead of posture/duration analysis, it exposes generic video analysis that performs face detection and health/constitution diagnosis, indicating undeclared collection and inference of sensitive biometric and health-related data. In an elderly-care camera context, this scope expansion is especially dangerous because users may believe they are consenting only to activity reminders, not facial analysis and health profiling.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The response schema clearly includes unrelated face detection, constitution assessment, organ-condition output, and health warnings, which materially exceeds the skill's advertised sedentary reminder function. This creates a privacy and compliance risk by enabling sensitive profiling of elderly individuals from camera footage without clear necessity, transparency, or purpose limitation. Because the monitored population is elderly and the input is in-home video, the mismatch increases the severity of the issue.

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
Support for arbitrary public video URLs broadens the system from a fixed in-home monitoring workflow into a general remote video analysis service. That expansion can enable analysis of third-party videos outside the intended care setting, undermining purpose limitation and increasing the risk of unauthorized surveillance or misuse of the endpoint. In this skill context, URL ingestion is harder to justify because the described use case is a dedicated living-room camera feed.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill accepts arbitrary remote HTTP/HTTPS video URLs and forwards them to the backend analysis service, which materially exceeds the manifest’s stated fixed-camera sedentary-monitoring use case. In an elderly-care context, this broadens the skill into a generic remote video ingestion pipeline, increasing privacy risk and enabling analysis of unrelated third-party footage without clear scope restriction or consent controls.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The file defines a generic DAO and a User model containing username, email, token, and open_token fields, which materially exceed the declared sedentary-TV reminder functionality. This scope mismatch is risky because it introduces identity and authentication-like data handling not justified by the manifest, increasing privacy and misuse exposure in a camera-based elderly-care context.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
Persisting identity and token-related data in a skill intended only to detect prolonged TV watching creates unnecessary collection of sensitive user data. In an elderly-care deployment, such overcollection is more dangerous because users are vulnerable, monitoring is continuous, and tokens could enable unauthorized access to connected services if exposed.

Description-Behavior Mismatch

Low
Confidence
76% confidence
Finding
The DAO automatically creates local database state and performs schema mutation during initialization without any manifest disclosure. This is not inherently malicious, but it expands persistence and data retention behavior beyond the stated reminder function, which is significant in a surveillance-oriented elderly-care product.

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
The HTTP utility automatically provisions remote user accounts, retrieves tokens, and persists them locally through DAO operations, which is unrelated to a sedentary TV-watching reminder skill’s stated purpose. This creates hidden identity, account, and credential-handling behavior that can transmit personal identifiers off-device and silently establish backend access without clear user consent, increasing both privacy and abuse risk.

Missing User Warnings

High
Confidence
93% confidence
Finding
The skill centers on continuous living-room camera monitoring of an elderly person and remote handling of resulting reports, but the primary description does not clearly warn about ongoing surveillance, cloud/API transmission, or retention of sensitive behavioral data. In this context, inadequate disclosure materially increases privacy and consent risk for a highly sensitive population.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The default trigger activates whenever a user provides a living-room sofa/TV video, which is broader than a clearly confirmed request for elderly sedentary monitoring. Overly broad auto-activation can cause unintended processing of private home video and unnecessary transmission to backend services.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The history-query auto-trigger uses broad phrases like viewing all reports/history, which can match ambiguous user requests and automatically enumerate sensitive monitoring records. In a health-adjacent elderly-care context, accidental disclosure of report history can reveal behavioral patterns and identity-linked data.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The API documentation describes continuous camera-based monitoring of an elderly person’s posture, face orientation, and viewing behavior in a private living space, but it does not include explicit requirements for informed consent, notice of surveillance, retention limits, or data-handling safeguards. In this context, the omission is dangerous because the subject is a potentially vulnerable person in a home or care setting, making covert or poorly governed monitoring more likely to cause serious privacy harm and misuse.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The code reads local video files into memory or forwards remote video URLs to the analysis service without any user-facing notice, consent prompt, or visible disclosure in this flow. Because the skill handles in-home elderly monitoring footage, silent transmission of sensitive visual data creates substantial privacy and compliance risk, especially when the content may include bystanders or private living-space activity.

Missing User Warnings

Low
Confidence
74% confidence
Finding
The code derives a filesystem path from the workspace and silently creates a local SQLite database under a data directory. In isolation this is low risk, but it represents undisclosed persistent storage in a skill whose manifest describes activity monitoring and reminders rather than local retention of user-related data.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The helper performs outbound requests to a health backend and can trigger user/account registration using a username/mobile-derived identifier without any visible consent or confirmation in this code path. In the context of an elderly-care monitoring skill, undisclosed network transmission and account creation are more concerning because they may involve sensitive household or personal data and non-technical users.

VirusTotal

65/65 vendors flagged this skill as clean.
