Infant Blanket Kick Detection | 婴幼儿踢被/蹬被识别

Security checks across malware telemetry and agentic risk

Overview

This infant-monitoring skill handles very sensitive child video and identity data, but its cloud analysis, report history, account-token handling, and unrelated health/face-analysis artifacts are broader than the stated blanket-kick purpose.

Review this carefully before installing. Only use it if you are comfortable sending infant-room media and a user identifier to the publisher's cloud service, and ask the publisher for clear retention, deletion, authorization, and biometric/health-processing policies. Avoid public media URLs and do not provide phone-number-like identifiers unless account linkage is explicitly required and understood.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (20)

Description-Behavior Mismatch

Severity: Medium
Confidence: 87%
Finding
The skill scope expands from visual crib analysis into persistent cloud report retrieval and user-identity handling, which are not necessary for the core detection task. In the context of infant monitoring, this increases privacy exposure because historical reports and identifiers may reveal sensitive household routines and information about a child.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding
Requiring acquisition of an open-id from config files or the user before analysis introduces credential/identity collection unrelated to a local visual blanket-monitoring task. This is especially risky because the instructions direct reading configuration files and reusing API-related secrets, which can lead to credential harvesting, unauthorized account linkage, or misuse of stored identifiers.

Context-Inappropriate Capability

Severity: Low
Confidence: 80%
Finding
Automatically saving uploaded infant-monitoring videos to local storage creates unnecessary retention of highly sensitive footage involving a child. If the host is shared or compromised, these retained files could be exposed, copied, or processed beyond the user's expectation.

Description-Behavior Mismatch

Severity: High
Confidence: 98%
Finding
The documented API behavior is materially inconsistent with the stated skill purpose: instead of blanket-coverage or kick-detection, it describes generic remote video analysis with face detection and health-style diagnosis. In an infant-monitoring context, this creates a strong risk of undisclosed collection and transmission of sensitive infant video and biometric data to an unrelated backend, which could enable privacy violations, data misuse, or deceptive functionality.

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding
Face detection and health/constitution diagnosis are unjustified capabilities for a blanket-kick monitoring skill and indicate collection or inference of sensitive biometric and health-related data beyond user expectation. Because the monitored subject is an infant, the mismatch is especially dangerous: it broadens surveillance scope and may process highly sensitive data without necessity, transparency, or valid consent.

Description-Behavior Mismatch

Severity: High
Confidence: 97%
Finding
The implementation is a generic file/URL submission and remote report retrieval client, while the manifest claims a narrowly scoped infant blanket-kick detection skill. This mismatch is dangerous because it can mislead users and reviewers about what data is actually processed and where it is sent, increasing the risk of undisclosed video exfiltration and overbroad backend use.

Intent-Code Divergence

Severity: Medium
Confidence: 89%
Finding
The comments and field extraction logic reference health/constitution assessment data unrelated to infant blanket monitoring, indicating probable code reuse from a different medical/health analysis workflow. In a baby-monitoring context this is risky because it suggests the skill may process or expose unrelated sensitive report fields, violating least privilege and creating privacy/compliance concerns.

Context-Inappropriate Capability

Severity: Medium
Confidence: 84%
Finding
Allowing arbitrary remote video URLs broadens the trust boundary and can be abused to make the backend fetch attacker-controlled resources. Depending on how `skill.get_output_analysis` retrieves the URL, this can enable SSRF-style access to internal services, unintended processing of sensitive media, or use of the system as a proxy beyond the stated crib-camera use case.

Description-Behavior Mismatch

Severity: Medium
Confidence: 85%
Finding
The file defines a generic user-account DAO and user model even though the stated skill purpose is infant blanket/kick detection. This scope expansion introduces unnecessary identity and account-management functionality, increasing the attack surface and creating opportunities for privacy misuse or later feature abuse unrelated to the advertised monitoring function.

Context-Inappropriate Capability

Severity: High
Confidence: 92%
Finding
The User model stores username, email, birthday, age, and especially token/open_token fields, none of which are justified by blanket-coverage monitoring in the provided description. Persisting identity and authentication-like secrets without clear need creates significant privacy and credential-handling risk, particularly in a baby-monitoring context where users expect narrowly scoped sensing rather than account data retention.

Description-Behavior Mismatch

Severity: High
Confidence: 96%
Finding
This utility code performs user lookup, automatic account creation via /sys/phoneLogin, token retrieval, persistence, and retry-based reauthentication inside a generic HTTP helper. That behavior is unrelated to infant blanket/kick detection and materially expands the skill’s privileges and data handling surface, enabling covert identity bootstrapping and authenticated access to external services without clear necessity or user consent.

Context-Inappropriate Capability

Severity: High
Confidence: 98%
Finding
The _get_or_create_user helper sends a username/mobile/openId to a health-platform phone-login endpoint with silent and register flags enabled, which can create or access accounts automatically. In the context of a baby-monitoring skill, this is unjustified functionality and creates privacy, consent, and account-abuse risks because user identifiers are transmitted to an unrelated backend service.

Context-Inappropriate Capability

Severity: Medium
Confidence: 92%
Finding
The HTTP helper injects a payment/recharge workflow message when it receives status 402, steering users to install a payment skill and top up an account. While likely commercial rather than overtly malicious, it is unrelated to infant monitoring and indicates hidden platform coupling that can manipulate users and broaden the operational scope of the skill beyond its declared purpose.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The API documentation exposes an endpoint for exporting a complete report in a highly sensitive infant-monitoring context, but provides no documented constraints around authorization scope, data minimization, audit logging, or privacy handling. In this skill, exported reports could include sensitive household, video-derived, or neonatal monitoring data, so under-specified export behavior increases the risk of overexposure, unauthorized bulk access, or misuse of personal data.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The API doc instructs users to upload videos or provide publicly accessible video URLs without any warning about privacy, biometric processing, health inference, retention, or secure handling. In the context of night-time infant bedroom monitoring, this omission is more dangerous because the videos likely contain highly sensitive footage of a child in a private space, potentially exposing intimate household data to external services.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The code reads arbitrary local file contents and uploads them to a remote analysis API without any visible user disclosure, confirmation, or minimization in this file. In the stated context, those files are likely infant bedroom videos, making silent transmission especially sensitive because it may expose highly private recordings of children and home interiors.

Missing User Warnings

Severity: Medium
Confidence: 77%
Finding
The script requires `--open-id` and stores it in a global setting, indicating collection and likely transmission of a user identifier without any visible minimization, masking, consent notice, or retention controls. In the context of infant-room monitoring, this increases privacy sensitivity because the identifier may be linked to baby-monitoring activity and video-analysis history.

Missing User Warnings

Severity: Medium
Confidence: 83%
Finding
FileUtil.open unconditionally opens arbitrary paths in write mode, which will overwrite existing files if the path is influenced by external input. Even though this is a generic helper, lack of safeguards can lead to accidental or unauthorized file clobbering, especially in a larger skill framework where paths may come from user-controlled or remote sources.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The user-bootstrap call transmits identifier data such as mobile/openId/username to an external service without any visible disclosure or consent handling in this code path. In a baby-monitoring context, users would not reasonably expect hidden identity transmission to a health backend, making the privacy risk more concerning.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The HTTP utility automatically attaches authentication headers, tenant/platform metadata, and user identifiers to outbound requests, while debug logging may also expose request metadata. This creates opaque data transmission and increases the risk of credential leakage or undisclosed sharing, particularly problematic for a child-monitoring skill that should have narrowly scoped, transparent network behavior.

VirusTotal

VirusTotal findings are pending for this skill version.
