ClawHub

智能失禁状态提醒技能

Security checks across malware telemetry and agentic risk

Overview

This skill handles very sensitive care images and videos, but its scope and data handling are not disclosed clearly enough for automatic trust.

Review this carefully before installing. Use only with explicit consent from the person or guardian, confirm the remote service and retention/deletion terms, prefer a pseudonymous open-id instead of a phone number, and avoid using it for unattended safety-critical care without human confirmation. Inspect logs and the local SQLite token store if deployed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (28)

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The README documents a completely different medical-analysis function than the declared incontinence-alert skill, indicating serious scope mismatch or repackaging. In a caregiving context, this can cause operators to deploy a skill that captures face videos and performs unrelated health inference instead of detecting wet clothing or excretion events, creating both safety and privacy risk.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
Claiming health diagnosis and wellness recommendations from facial video is an unjustified medical capability for an incontinence-alert skill and expands processing into sensitive health inference. This is dangerous because caregivers may rely on unsupported diagnostic output, while subjects are exposed to unnecessary biometric and health-data collection.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The documented API performs face analysis and health/constitution diagnosis, which is materially different from the stated purpose of an incontinence alert skill. This mismatch is dangerous because it can conceal collection and processing of unrelated biometric and inferred health data, expanding privacy and compliance risk beyond what users or integrators would reasonably expect.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
Facial health-diagnosis outputs such as organ condition, constitution, and complexion-based health inference are unjustified for an incontinence-alert workflow and indicate processing of sensitive biometric and health-related inferences without clear necessity. In a caregiving context involving elderly patients, bedridden patients, and infants, this creates heightened risk of invasive surveillance, improper medical inference, and regulatory noncompliance.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The skill metadata describes an incontinence alert analysis function, but this API client exposes generic record-management methods such as page, list, add, edit, and delete. In a healthcare-adjacent context handling sensitive monitoring data, capability expansion beyond the stated purpose increases the attack surface and can enable unauthorized modification or removal of records if these methods are reachable by the agent or upstream callers.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The add, edit, and especially delete operations provide resource administration capability that is not justified by the declared alert-analysis purpose of the skill. Because the skill appears to operate on caregiver/patient monitoring infrastructure, misuse of these methods could tamper with camera or analysis records, disrupt alerting, or erase operational data relevant to care and auditing.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The file content is clearly for face/health analysis, while the declared skill is an incontinence alert skill. This kind of cross-skill mismatch is dangerous because it can cause the wrong model endpoints, categories, or data flows to be used, potentially processing sensitive biometric/health data under an unrelated feature and violating least-privilege, consent, and data-handling expectations. In a caregiving/medical context, such confusion increases the risk of privacy breaches and incorrect notifications or analysis results.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The implemented behavior is for traditional Chinese medicine face-diagnosis, while the declared skill is for incontinence alerting. This functionality mismatch is dangerous because users may deploy the skill expecting wet-clothing or excretion detection and caregiver notification, but receive unrelated biometric/health analysis instead, causing missed care events and unsafe reliance in a sensitive caregiving context.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The result formatting exposes facial health-diagnosis content instead of incontinence monitoring results. In this skill context, that mismatch increases risk because caregivers may interpret the tool as operational for patient hygiene monitoring, yet it produces unrelated medical-style outputs and no alerting behavior, undermining patient safety and trust.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The function documentation and naming imply generic video analysis, but the actual behavior is tied to face-diagnosis features inconsistent with the skill’s stated purpose. Misleading interfaces in a healthcare-adjacent workflow can cause operators or integrators to call the function under false assumptions, resulting in misuse and missed detection of genuine care conditions.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The code and user-facing output clearly implement face-diagnosis report formatting and export links, which materially contradicts the manifest claiming incontinence wetness/excretion alerting. In a care setting, this kind of capability mismatch can cause operators to believe patient monitoring is active when it is not, leading to missed care events and inappropriate collection/processing of unrelated biometric health data.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The input pipeline is built for local/remote video submission to an analysis backend and not for the described incontinence-alert workflow. In this context, the mismatch is dangerous because sensitive patient media may be sent to an external service under false pretenses, while caregivers may rely on a nonexistent alerting function for bedridden or infant care.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The historical record listing exposes face-analysis report history rather than incontinence alerts, reinforcing that the shipped behavior does not match the declared clinical/care function. In a healthcare-adjacent environment, this can mislead staff, surface unrelated sensitive reports, and undermine trust in care automation.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The docstrings/comments explicitly describe face-diagnosis report retrieval, contradicting the manifest's incontinence-alert purpose. While comments alone are not executable, here they corroborate a broader functional mismatch that can mislead maintainers, reviewers, and deployers about what patient-facing behavior is actually implemented.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
Additional comments and docstrings continue to describe face-analysis report processing, further evidencing a mislabeled medical/care skill. In a sensitive caregiving context, such contradictions increase the chance of incorrect deployment, unsafe reliance, and accidental processing of the wrong class of health data.

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
The file adds a generic `ai_chat` capability that can invoke an external agent with arbitrary prompt text, which is outside the stated purpose of a visual incontinence-alert skill. Even though the subprocess call is currently commented out, the surrounding code is clearly designed to support arbitrary agent execution, expanding the skill's authority and creating a latent abuse path if re-enabled or completed later.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
This utility function performs account lookup, implicit user creation/login via /sys/phoneLogin, token acquisition, and token persistence in a local DAO, which materially exceeds the stated purpose of a visual incontinence alert skill. The behavior is risky because it silently provisions identities and stores authentication material without clear user consent or tight scoping, creating opportunities for unauthorized account creation, token misuse, and privacy violations.

Context-Inappropriate Capability

Medium
Confidence
84% confidence
Finding
The HTTP utility returns payment/recharge instructions when a 402-like condition occurs, embedding unrelated monetization workflow into a medical-care-oriented skill. In this context, mixing care functionality with upsell/payment prompts is dangerous because it can confuse operators during care events and indicates the code path is broader than the declared skill purpose.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger logic uses broad caregiving-related keywords that can auto-activate the skill in situations beyond the user's clear intent. In this context, unintended activation is risky because it may cause sensitive medical or intimate media to be processed, stored, or sent to a remote service without sufficiently specific user confirmation.

Missing User Warnings

High
Confidence
99% confidence
Finding
The skill handles media of intimate body areas and explicitly relies on a remote API, but the description does not clearly warn users that uploaded images/videos and URLs will be transmitted off-device for analysis. Because the target population includes infants, bedridden patients, and disabled seniors, this omission creates severe privacy, consent, and compliance risk around some of the most sensitive possible visual data.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill accepts local file paths or remote URLs for analysis and forwards them to external analysis logic without any explicit user-facing disclosure, consent, or data-handling warning. Given the medical/care context, the inputs may contain highly sensitive images or videos of elderly, bedridden patients, or infants, making silent transmission to an external service a significant privacy and compliance risk.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation instructs users to send local or remote videos to an API endpoint without clearly warning that sensitive video data may be transmitted off-device. Because the described use involves faces and health-related analysis, undisclosed transmission materially increases privacy, consent, and compliance risk.

Missing User Warnings

Low
Confidence
83% confidence
Finding
Automatic saving of analysis results is a real privacy issue when the outputs may contain sensitive health-related inferences, yet the README gives no warning about local persistence. Users may leave diagnostic artifacts on shared systems or unmanaged storage without realizing it.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The API accepts uploaded videos and public video URLs but provides no warning or handling guidance for sensitive biometric data, patient footage, or exposure through publicly accessible links. Because the skill targets vulnerable populations and likely captures intimate care scenarios, omission of privacy warnings and safeguards increases the chance of unauthorized disclosure, over-collection, and unsafe data sharing.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script writes potentially sensitive face-analysis results to any user-specified local file path without warning, access controls, or data-minimization safeguards. Because the data appears health-related and biometric in nature, local persistence can create confidentiality and compliance risks if written to shared, insecure, or unintended locations.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal