Family Conflict Aftercare Suggestion | 夫妻/家人冲突后情绪缓和提示

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it asks to process sensitive in-home audio/video through cloud services while also creating accounts, storing tokens, and exposing history/report access with insufficient user controls.

Review this carefully before installing. Only use it if everyone affected has explicitly consented to in-home audio/video monitoring and cloud analysis, and confirm where recordings, reports, identifiers, and tokens are stored, who can access them, how to delete them, and whether automatic account registration can be disabled. Do not deploy it in private rooms or for vulnerable household members without strong controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (24)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
            if filters:
                for key, value in filters.items():
                    query = query.filter(getattr(self.__model__, key) == value)

            if offset:
                query = query.offset(offset)
Confidence
83% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
            if filters:
                for key, value in filters.items():
                    query = query.filter(getattr(self.__model__, key) == value)

            return query.scalar()
        finally:
Confidence
82% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Description-Behavior Mismatch

Medium
Confidence
82% confidence
Finding
The skill description shifts from soothing prompts into violence escalation and emergency-contact routing, which is a materially different safety function. This scope expansion can cause users to unknowingly trigger sensitive incident classification and external-action recommendations based on in-home monitoring data.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
Historical report retrieval and mandatory cloud querying are not part of the stated real-time aftercare scope, yet they introduce additional collection, processing, and exposure of sensitive household conflict history. That increases privacy risk and enables broader surveillance than users would reasonably expect from the manifest description.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill directs retrieval of an open-id from shared configuration files or user identity fields, which is a credential/identifier harvesting pattern not clearly necessary for local conflict analysis. Accessing shared config secrets and treating usernames or phone numbers as identifiers expands identity linkage and raises the risk of unauthorized account correlation or misuse.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The documented API is materially inconsistent with the skill’s stated purpose. Instead of conflict detection and post-conflict calming, it describes uploading video to an external endpoint for face detection and health/constitution diagnosis, indicating scope creep or hidden functionality that could collect and process highly sensitive biometric and inferred health data unrelated to the user-facing feature.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
Inferring organ condition, constitution, and health warnings from household video is unjustified for a family conflict aftercare skill and involves sensitive health profiling. In this context, the mismatch is especially dangerous because the skill operates inside private home spaces and may capture family members, including minors, creating significant privacy, consent, and misuse risks.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The implementation is a generic video submission and report retrieval client, while the declared skill is narrowly about detecting family conflicts and providing calming aftercare prompts. This mismatch creates a scope-expansion risk: users may believe the skill performs limited, privacy-sensitive post-conflict assistance, but the code can upload arbitrary local files or remote video URLs to a backend for broad analysis and reporting, increasing the chance of covert collection or repurposing of intimate household surveillance data.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The code exposes report listing and export URL generation capabilities that are broader than necessary for a household aftercare feature. In a family-conflict monitoring context, this increases privacy risk because historical analysis records and exported report artifacts may reveal sensitive behavioral patterns, interpersonal incidents, or household routines if accessed by an unintended user or over-broad integration.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The CLI accepts arbitrary remote video URLs for analysis, which expands the skill beyond its stated fixed in-home camera purpose and can enable analysis of third-party or unauthorized content. In a privacy-sensitive family-monitoring context, this increases the risk of misuse, unintended surveillance, and ingestion of untrusted external media sources without provenance controls.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The file implements a generic user-account persistence layer, including a user table and account-oriented DAO, even though the declared skill is narrowly about post-conflict soothing prompts. This functionality mismatch is suspicious because it expands data collection and persistence beyond what is necessary for the advertised behavior, increasing privacy and abuse risk.

Context-Inappropriate Capability

High
Confidence
95% confidence
Finding
The User model stores personal profile data and authentication-style secrets such as token and open_token without a clear connection to the skill's stated purpose. In a home conflict-monitoring context, retaining unnecessary identifiers and tokens materially raises privacy and account-compromise risk if the local database is accessed or exfiltrated.

Context-Inappropriate Capability

Medium
Confidence
78% confidence
Finding
The DAO derives a database location from the OPENCLAW_WORKSPACE environment variable and creates a shared local data directory. In a reusable agent environment, this can cause data to be written into an unexpected shared workspace, broadening exposure of sensitive household-monitoring or account data beyond the skill's immediate scope.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The file introduces a generic `ai_chat` capability that is unrelated to the stated skill purpose of conflict detection and post-conflict soothing. Hidden or unnecessary agent-invocation surfaces increase attack surface, create opportunities for prompt/data exfiltration if later wired up, and make it harder to reason about what data from in-home cameras/microphones might be sent to external services.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
This utility layer performs broad outbound API communication, credential injection, token handling, and retry logic that are not justified by the stated conflict-aftercare skill. In a home-monitoring context, such generic network access increases the risk that sensitive household telemetry or user identifiers could be sent to unrelated backend services without clear user awareness or need.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The code can silently create or log in accounts through a phone-login endpoint using a username/openId/mobile value, with "silent" and "register" enabled. For a skill that monitors family conflicts inside the home, automatic account provisioning is especially risky because it can bind highly sensitive behavioral data to backend identities without informed consent.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The default trigger condition is broad enough to activate on essentially any uploaded home audio/video that matches the domain, without strong confirmation of user intent. For a skill processing intimate in-home conflict recordings, accidental activation can lead to sensitive analysis and cloud transmission of private family incidents.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill involves continuous or repeated monitoring of highly sensitive in-home audio/video and cloud-backed reporting of domestic conflict indicators, yet the description lacks a clear warning about these privacy implications. This is especially dangerous because the context is intimate family settings, where undisclosed surveillance and cloud processing can expose vulnerable adults, children, and potential abuse situations.

Natural-Language Policy Violations

Medium
Confidence
80% confidence
Finding
Hard-coding Chinese-language safety resources and response content without locale or language opt-in can misdirect users in emergencies and make critical guidance unusable. In a violence or crisis context, wrong-language or wrong-jurisdiction emergency instructions can delay access to appropriate help.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The API documentation instructs clients to send video files or publicly accessible video URLs plus an API key, but provides no warning or controls around sensitive household audio/video handling. For a family-monitoring skill, this omission is risky because it encourages transmission of intimate in-home recordings without clear disclosure, retention limits, access protections, or consent requirements.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The code submits local file contents or remote video URLs to an analysis service without any visible user disclosure, consent flow, or warning in this file. Because the stated use case involves cameras and microphones in private family spaces, silent transmission of recordings is especially sensitive and can expose highly personal conversations, conflicts, and household activity to external systems without informed consent.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The tool requires an open_id and submits video source material for analysis, but the code provides no explicit notice, consent prompt, minimization, or transmission safeguards visible in this path. Given the skill’s family-conflict monitoring scenario, these inputs may contain highly sensitive household and behavioral data, making silent transmission materially risky from a privacy and compliance standpoint.

Missing User Warnings

Medium
Confidence
71% confidence
Finding
The constructor performs automatic schema alteration on startup, and the DAO also provides hard delete capability, without any visible confirmation, migration control, or operational guardrails. In practice this can lead to unintended data modification or loss, especially in a local SQLite database holding sensitive personal information.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The code persists token and openToken values to a local user record, creating a durable credential store without any visible safeguards in this file such as encryption, scoped storage, rotation, or user notice. If that storage is accessed by other code or an attacker, the tokens could be reused to impersonate users or access backend services.

VirusTotal

65/65 vendors flagged this skill as clean.
