Infant Stool Color Abnormality (Clay-Pale / Bloody) | 婴儿大便颜色识别(陶土色/血便)

Security checks across malware telemetry and agentic risk

Overview

This skill handles sensitive infant health images but its code and docs expand into cloud history retrieval, user identity/token handling, and generic video/health analysis beyond the advertised stool-color purpose.

Review before installing. This is not just a local stool-color helper: it sends infant-related images or URLs and identifiers to a remote service, can fetch historical reports, and can store account tokens locally. Only use it if you trust the publisher and backend, have explicit guardian consent, understand retention/deletion terms, and are comfortable providing a phone number or username as the identifier.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (22)

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
A skill presented as image analysis also performs retrieval of cloud-hosted historical reports tied to a user identifier, which expands the data scope beyond immediate classification. This creates privacy and access-control risk because users may not expect cross-session aggregation of infant health-related images and reports, and a weakly protected identifier could expose past records.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
Requiring an open-id from config files or direct user input for basic image screening is not justified by the stated function and pressures collection of identifying information unnecessarily. In a pediatric health context, binding infant medical imagery to a username or phone number raises sensitivity substantially and increases the harm from leakage, misuse, or unauthorized correlation across records.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The workflow instructs reading configuration files to obtain an API key/open-id, effectively granting the skill access to local secrets unrelated to stool-color classification. This is dangerous because it creates a path for secret harvesting from the workspace and silently repurposes stored credentials for remote service access without explicit user awareness.

Context-Inappropriate Capability

High
Confidence
91% confidence
Finding
Injecting a petType parameter into requests for an infant stool color analysis workflow is inconsistent with the declared medical function and indicates cross-domain code reuse or misrouting of data. In a health-related skill, sending irrelevant classification fields can cause backend misprocessing, incorrect model selection, or tainted medical outputs, increasing the risk of unsafe recommendations or delayed care.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The documented API is fundamentally inconsistent with the advertised skill purpose: instead of infant stool-color image analysis, it describes a generic video-analysis service performing face detection and broad health/organ diagnosis. This creates a serious security and trust issue because users may submit sensitive infant-care media under false pretenses while the backend appears capable of collecting unrelated biometric and health inferences.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
Including face detection and generalized physiognomy/health diagnosis is unjustified and especially dangerous in this skill context, which involves infants and diaper-area imagery. It expands processing into highly sensitive biometric and medical-inference territory without any apparent necessity, increasing privacy, compliance, and misuse risk far beyond the stated stool-color safety use case.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The implementation materially diverges from the declared skill purpose: it performs generic video analysis and history listing instead of narrowly scoped infant stool-color image analysis. In a safety-sensitive pediatric context, this kind of scope mismatch is dangerous because it can hide undisclosed data processing, broaden collection beyond what users consented to, and indicate the published manifest is not an accurate description of runtime behavior.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
Allowing arbitrary remote video URLs expands the attack and privacy surface beyond the stated medical-image workflow. This can enable unintended fetching of third-party content, server-side request abuse depending on downstream implementation, and ingestion of unrelated sensitive media without a clear medical need or user expectation.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The history-listing capability is outside the declared stool-color detection scope and appears to retrieve prior analysis data keyed by user identifier. In a medical or quasi-medical infant-care setting, exposing or aggregating prior records without explicit purpose limitation increases privacy risk and can leak sensitive health-related history.

Intent-Code Divergence

Medium
Confidence
84% confidence
Finding
Comments and user-facing descriptions repeatedly refer to video analysis, contradicting the manifest's infant stool image-color analysis claim. While not an exploit by itself, this inconsistency is a meaningful security signal because misleading descriptions around inputs and processing can conceal broader data handling than users or reviewers expect.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
This file implements generic persistence for user accounts, including CRUD operations on usernames and account records, which is unrelated to the stated infant stool-color image analysis purpose. In a health-oriented skill handling newborn-related imagery, collecting and mutating unrelated user-account data materially expands the privacy and attack surface without clear necessity, increasing risk of unauthorized retention, misuse, or repurposing of sensitive data.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The User model stores authentication-like tokens (token, open_token) and personal profile data (email, birthday, sex, age) even though the advertised skill is for stool-color detection and medical reminders. In the context of infant-health monitoring, this unjustified collection of credentials and personal data increases the consequences of compromise and suggests overcollection of sensitive information beyond the stated function.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
This utility performs unrelated account creation/login, token retrieval, and local token persistence in a shared helper used by the skill. For an infant stool-color analysis skill, silently creating accounts and storing bearer tokens expands the trust boundary and can expose user identity and credentials to backend systems without clear necessity or consent. The medical context makes this more sensitive because requests may be tied to pediatric/health-related usage data.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The file provides broad outbound HTTP capability and automatically injects multiple credential-bearing headers into arbitrary requests. In a medical-monitoring skill, this creates unnecessary exfiltration and misuse risk if other code paths call this helper with attacker-controlled or overbroad destinations, especially since sensitive tokens and user identifiers are attached by default.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The default trigger is broad enough to activate on essentially any uploaded diaper or stool image, increasing the chance that sensitive infant images are processed or transmitted without a sufficiently specific user request. Over-broad auto-invocation is risky here because the content involves minors and health-related imagery, where accidental processing has elevated privacy consequences.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The history-report auto-trigger keywords are too expansive and include phrasing like medical diagnosis/report queries, which may cause users to unintentionally invoke retrieval of sensitive records. This is particularly problematic because it can surface cloud-stored infant health data tied to an identifier without a deliberate access request.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill does not clearly warn users that infant images and identifiers may be transmitted to a cloud API and stored for later history lookup. This lack of transparency undermines informed consent and is especially dangerous because the data concerns a minor's health-related images combined with persistent identifiers, creating significant privacy and compliance risk.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The script requires an --open-id that may be a username or phone number and stores it in a global/shared runtime variable without any user warning, minimization, or privacy notice. In a medical context involving infant stool images and health-risk analysis, associating sensitive health-related data with direct identifiers increases privacy and compliance risk if logs, downstream services, or history features retain or transmit that identifier.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The API supports file uploads and public video URLs but gives no warning about privacy, network transmission, or third-party exposure risks. In this context, users may transmit videos of infants, diaper changes, or home environments, so the absence of clear disclosure and handling guidance materially increases the chance of accidental exposure of sensitive personal and health data.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill transmits local file contents or a user-supplied remote URL to an external analysis service without any visible user-facing consent, warning, or privacy notice in this code path. Because the skill handles infant medical imagery, silent transmission increases privacy risk and may cause users to share highly sensitive health data without informed consent.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script requires an open-id/user-id/username/phone number and appears to pass it into backend analysis/listing flows without any visible privacy notice, minimization, or purpose limitation. In the context of infant health analysis, this creates elevated privacy sensitivity because identifiers can be linked to medical-like observations and historical records.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The code transmits usernames, open IDs, API keys, access tokens, and authorization tokens to remote services without any visible user-facing disclosure or consent flow in this file. Because the skill concerns infant health screening, undisclosed transmission of identifiers and authentication material raises privacy and compliance concerns and could link sensitive medical usage to specific users.

VirusTotal

66/66 vendors flagged this skill as clean.
