Family / Couple Conflict Intensity Detection | 夫妻/家庭争吵强度识别

Security checks across malware telemetry and agentic risk

Overview

This skill handles very sensitive home audio/video but has mismatched and under-disclosed cloud upload, account, identity, history, and token-storage behavior.

Review carefully before installing. This skill may send domestic audio/video or video URLs to a backend service, associate results with persistent identifiers, retrieve historical reports, and store user/token data locally. Do not use it with private household recordings unless the publisher provides clear remote-processing disclosure, consent flow, authorization model, retention/deletion policy, and removes unrelated pet, biometric, and health-analysis behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (27)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
            if filters:
                for key, value in filters.items():
                    query = query.filter(getattr(self.__model__, key) == value)

            if offset:
                query = query.offset(offset)
Confidence
88% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
            if filters:
                for key, value in filters.items():
                    query = query.filter(getattr(self.__model__, key) == value)

            return query.scalar()
        finally:
Confidence
88% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The manifest exposes powerful capabilities—environment access, file read/write, network, and shell execution—without declaring permissions or constraining their use. In a skill handling highly sensitive household audio/video, this gap prevents meaningful user review and enables covert local file access, exfiltration, or command execution beyond the stated purpose.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The documented purpose is conflict-intensity analysis, but the skill also performs account lookup/registration, token persistence, cloud report retrieval, and identity association via arbitrary open-id/phone inputs. This materially expands data collection and account linkage, creating a serious risk of unauthorized access to other users' reports, identity misuse, and surveillance of sensitive domestic-interaction data.

Description-Behavior Mismatch

Medium
Confidence
82% confidence
Finding
The skill is presented as real-time local analysis and alerting, but it also instructs querying cloud-hosted historical reports tied to an open-id. That discrepancy matters because users may consent to local conflict detection without realizing the system also enables retrieval of accumulated relationship-conflict history from a backend service.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The documentation claims aggressive-word detection is local-only and forbids uploading raw audio, yet the workflow routes input media files/URLs to an external API for analysis. For intimate household conflict footage, this contradiction can lead users to share extremely sensitive audio/video under false privacy assumptions, increasing the risk of exposure, secondary use, or breach.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The skill simultaneously forbids uploading raw audio and instructs using an API service that processes supplied media, creating a direct privacy and security contradiction. Because the subject matter involves domestic arguments and possible abuse indicators, misleading users about whether raw recordings leave the device is especially dangerous.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The skill directs itself to read a shared config file and repurpose an api-key as an open-id user identifier. Reusing credentials across trust boundaries is unsafe: it can leak secrets, confuse authentication with user identity, and cause one user's or system credential to be used when accessing another user's sensitive conflict reports.

Description-Behavior Mismatch

Medium
Confidence
86% confidence
Finding
The analysis request injects a petType parameter despite the manifest describing family conflict intensity detection. This mismatch suggests code reuse or hidden repurposing that can cause incorrect backend routing, misclassification, data integrity issues, or unintended sharing of sensitive household audio/video context with an endpoint expecting a different task schema; in a surveillance-style family monitoring skill, such purpose drift is more concerning because it processes highly sensitive domestic data.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The family-conflict analysis skill exposes a `pet_type` parameter and mutates a shared default classification setting (`ConstantEnum.DEFAULT__PET_TYPE`) that is unrelated to the advertised purpose. This indicates copy-paste or cross-skill code reuse that can cause incorrect model selection, unpredictable behavior, or cross-context data handling in a safety-sensitive domestic monitoring tool.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The CLI documents pet-type categories and uses a pet-oriented default in a tool marketed for detecting family conflict intensity. This mismatch strongly suggests the wrong underlying pipeline or configuration may be invoked, which is especially risky for a system that may trigger reminders or emergency-contact workflows based on its output.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The documented endpoint is a generic video-analysis API whose response includes face detection and health-style diagnosis fields that do not match the stated purpose of family conflict intensity detection. In a skill handling in-home audio/video, this mismatch is dangerous because it suggests either undocumented secondary processing of highly sensitive biometric data or a swapped/reused backend that could collect or infer health-related attributes far beyond user expectations.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
Face detection plus organ/health diagnosis is unjustified for a skill whose stated function is to assess conflict intensity from motion and sound. Because the deployment context is private homes and counseling settings, documenting such capabilities materially increases the risk of covert biometric profiling, sensitive health inference, and misuse of intimate household recordings.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The code accepts arbitrary remote HTTP/HTTPS video URLs, which expands the skill from a local fixed-camera analysis workflow into a generic remote content ingestion path. In a family-conflict monitoring context, this increases privacy, consent, and scope-creep risk because the system may analyze third-party or externally hosted videos without the constraints implied by the skill description.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The script exposes history retrieval based solely on a caller-supplied open_id, and this file shows no authentication, authorization, or ownership check before returning analysis history. In the context of a family-conflict monitoring skill, those records are highly sensitive behavioral data, so insecure access could expose intimate household activity and conflict patterns.

Description-Behavior Mismatch

Medium
Confidence
78% confidence
Finding
The DAO initializes and mutates a local database for user records, which exceeds the manifest's narrow conflict-analysis/reminder description and introduces persistent storage of personal data. In the context of an always-on audio/video family monitoring skill, unexplained persistence raises privacy and abuse concerns because retained user metadata can outlive the immediate detection purpose and expand the impact of compromise.

Description-Behavior Mismatch

High
Confidence
91% confidence
Finding
The User model stores token and open_token fields and is paired with a generic DAO supporting full CRUD operations. For a skill advertised as conflict-intensity detection and reminders, maintaining account records and authentication-like tokens materially broadens the trust boundary and creates a more valuable target: compromise of this local database could expose credentials or enable unauthorized linkage to external services or user identities.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The generic HTTP helper silently performs account lookup, auto-registration, and token acquisition against an external health API before servicing arbitrary requests. That behavior is unrelated to the stated conflict-intensity analysis purpose and can transmit personal identifiers and create remote accounts without informed consent, expanding the privacy and abuse surface significantly.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The helper persists token and user information via DAO storage as part of background request processing, even though the skill is presented as an analysis/notification tool rather than an account-management system. Storing authentication material without clear necessity or disclosure increases the risk of credential misuse, unauthorized session reuse, and privacy violations if local storage is exposed.

Missing User Warnings

Medium
Confidence
80% confidence
Finding
The skill says uploaded audio/video will be automatically saved locally, but it does not clearly warn users about retention before handling highly sensitive household recordings. Silent local persistence increases the chance of later unauthorized access, accidental reuse, or forensic recovery of private conflict footage.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script requires `--open-id` and accepts highly sensitive identifiers such as phone numbers without any privacy notice, minimization, or indication of how the identifier is stored or used. In the context of domestic audio/video conflict monitoring, linking intimate behavioral analysis to a persistent personal identifier increases privacy, tracking, and misuse risks.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The API documentation instructs users to upload video files or provide public video URLs but gives no warning about privacy, confidentiality, transmission security, or handling of household recordings. For a system monitoring domestic conflicts, these videos may capture abuse incidents, minors, private conversations, and interior home details, so omission of privacy guidance creates meaningful risk of unsafe deployment and accidental exposure.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill reads local video files into memory or forwards a user-supplied video URL to an analysis API without any visible user notice, consent flow, or disclosure in this code path. Because the skill processes highly sensitive in-home audio/video tied to domestic conflict and possible violence, silent transmission to backend services materially increases privacy and safety risk.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script requires an open_id/user identifier and uses it for analysis and history operations without any privacy notice, consent flow, or disclosure about collection, retention, or sharing. Because this skill processes domestic audio/video conflict data, silent handling of identifiers increases privacy risk and can enable tracking or linkage of sensitive household events to a person.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This request wrapper automatically injects identifiers and authentication data such as pnaUserName, X-Access-Token, X-Api-Key, and Authorization into outbound requests without any visible user-facing warning or consent gate. In the context of a domestic-conflict monitoring skill, silent transmission of identity and auth context is particularly sensitive because the system may process intimate household data and users would not reasonably expect unrelated credential propagation.

VirusTotal

66/66 vendors flagged this skill as clean.
