Infant Suffocation Risk Detection | 婴幼儿趴睡窒息风险识别

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This infant-monitoring skill needs review because it handles sensitive child video and identifiers through cloud services while parts of the code and documentation appear mismatched to the stated safety purpose.

Do not treat this as a reliable baby-safety monitor without publisher clarification. Before installing, require proof that the backend is infant-safety-specific, that video and report storage have retention/deletion and access controls, that guardian consent is explicit, that silent account creation/token persistence is removed or clearly opt-in, and that the dependency issue is fixed.

SkillSpector (24)

By NVIDIA

Description-Behavior Mismatch

Medium

Confidence: 85% confidence
Finding: A skill presented as real-time suffocation-risk detection also performs cloud historical report queries, which broadens scope beyond immediate analysis. This matters because users may provide infant-monitor footage expecting transient processing, while the design encourages retrieval and display of stored report data tied to prior sessions or accounts.

Description-Behavior Mismatch

Medium

Confidence: 93% confidence
Finding: The workflow requires collecting and using open-id and optionally guardian contact information for report saving/querying, which exceeds a narrowly described video-analysis function. In the context of infant monitoring, tying sensitive safety events and video-derived reports to user identity materially increases privacy risk and potential unauthorized access to a child's monitoring history.

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: The skill instructs reading configuration files to obtain an api-key/open-id, effectively repurposing local config secrets for user-associated operations. This is dangerous because it encourages accessing potentially unrelated credentials from the workspace and may transmit them to remote services, creating a secret-exposure and cross-context data-use risk.

Description-Behavior Mismatch

High

Confidence: 90% confidence
Finding: The analysis request injects a `petType` parameter into a skill described as infant suffocation monitoring, which is inconsistent with the stated medical/safety purpose. In a safety-critical context, sending the wrong domain parameter can route requests to an incorrect model, misclassify infant posture/occlusion events, or silently degrade detection accuracy, potentially causing missed suffocation alerts or false alarms.

Description-Behavior Mismatch

Medium

Confidence: 95% confidence
Finding: The function claims to perform infant suffocation-risk detection, but it simply forwards the input to a generic skill API and even exposes a pet_type parameter with values like cat/dog/other. In a safety-critical infant-monitoring context, this mismatch can cause users to trust outputs that were not produced by an infant-specific model, leading to missed or incorrect alerts for prone sleeping or airway occlusion.

Intent-Code Divergence

Low

Confidence: 82% confidence
Finding: The CLI states that the API key is required, but the code neither enforces its presence nor uses it in the analysis call. This creates a false assurance about authentication and service binding, which can cause the tool to run in an unintended local/default mode or against an unauthenticated path while operators believe access controls are in place.

Description-Behavior Mismatch

High

Confidence: 98% confidence
Finding: The documented API endpoint and response schema describe a generic video/face analysis service that returns physiognomy-style health diagnosis data, which is materially different from the claimed infant suffocation-risk detection function. In a safety-critical baby-monitoring skill, this mismatch is dangerous because integrators or users may rely on a non-existent or unrelated capability to detect prone sleeping or airway occlusion, creating a false sense of protection.

Context-Inappropriate Capability

High

Confidence: 97% confidence
Finding: The response payload explicitly returns face detection, constitution, organ-condition, complexion, and health-warning data unrelated to infant sleep safety. In this context, the presence of unrelated health-diagnosis functionality suggests the skill may be misrepresented, repurposed, or wired to the wrong backend, which is especially hazardous for a product intended to warn about suffocation and SIDS risks.

Description-Behavior Mismatch

High

Confidence: 91% confidence
Finding: The code exposes generic report-listing and export-link functionality that is not aligned with the declared infant suffocation monitoring purpose. In a safety-critical baby-monitoring context, unrelated historical report access increases the chance of unauthorized data exposure, over-collection, or cross-purpose access to sensitive analysis results, especially if upstream APIs do not strictly enforce per-user authorization.

Description-Behavior Mismatch

Medium

Confidence: 88% confidence
Finding: The skill accepts arbitrary local file paths and arbitrary remote video URLs, which is broader than the stated fixed baby-monitor camera workflow. This expands the attack surface for unintended data ingestion, privacy violations, and misuse of the backend analysis service on unrelated or sensitive media.

Intent-Code Divergence

Medium

Confidence: 79% confidence
Finding: Comments and field handling reference health/constitution assessment behavior that is inconsistent with infant suffocation-risk detection. This suggests code reuse across unrelated medical-analysis domains, which can cause data-mixing, incorrect assumptions about API responses, and accidental exposure or retrieval of unrelated sensitive health data.

Context-Inappropriate Capability

Medium

Confidence: 76% confidence
Finding: Accepting arbitrary remote URLs expands the attack surface beyond local baby-monitor input and can enable server-side request forgery behavior or unintended access to internal/network-restricted resources if downstream code fetches the URL. In a safety-monitoring skill, this is more concerning because the manifest implies a constrained, purpose-built monitoring pipeline rather than arbitrary external content ingestion.

Description-Behavior Mismatch

High

Confidence: 98% confidence
Finding: This shared utility contains account creation/login, token retrieval, and token refresh logic that is unrelated to the advertised infant video suffocation-risk detection function. Embedding identity and credential workflows in a common request helper expands the attack surface, enables silent backend account actions, and makes it easy for any caller of this utility to trigger user enrollment or reuse stored tokens without clear consent boundaries.

Context-Inappropriate Capability

High

Confidence: 99% confidence
Finding: The helper can silently auto-register or log in a user against a health service using a username/mobile identifier by posting to /sys/phoneLogin with register=1 and silent=1. In the context of a baby-monitoring skill, this is especially concerning because it can create accounts tied to personal identifiers without transparent disclosure, creating privacy, consent, and account-abuse risks.

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: The code stores fetched token and profile data locally via the DAO after obtaining them from the backend. Persisting authentication material in a shared utility, especially for a safety-monitoring skill that does not obviously require durable local credential storage, increases exposure to token theft, lateral misuse, and accidental reuse by unrelated functions.

Vague Triggers

Medium

Confidence: 82% confidence
Finding: The default trigger condition is broad enough to auto-activate on essentially any uploaded crib-monitor video or URL. Over-broad triggering can cause unintended processing and transmission of highly sensitive infant footage without sufficiently specific user intent, increasing privacy and compliance risk.

Missing User Warnings

High

Confidence: 97% confidence
Finding: The skill omits a clear up-front warning that uploaded infant videos and report queries are sent to a cloud API. Because the data concerns minors in private spaces and may be linked to identity/history, failure to disclose remote transmission and storage meaningfully undermines informed consent and can lead to severe privacy and regulatory exposure.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The documentation specifies 24/7 infant video capture, infrared night vision, and returning a snapshot URL, but provides no guidance on consent, retention limits, access controls, encryption, or handling of highly sensitive child imagery. In the context of continuous monitoring of infants in bedrooms or care facilities, omission of privacy and security requirements materially increases the risk of unauthorized surveillance, leakage of child images, and misuse of sensitive behavioral data.

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: Documenting an endpoint to export complete reports without any mention of role-based access control, audit logging, redaction, or secure delivery creates a clear path for mass disclosure of sensitive infant monitoring records. Because these reports likely contain timestamps, risk events, and possibly linked imagery from a child's sleeping environment, unauthorized export would have serious privacy and safety consequences.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The API allows upload of infant videos or submission of public video URLs without any privacy, retention, access-control, or sensitive-data handling guidance. Because this skill processes continuous bedroom footage of infants, the absence of explicit safeguards increases the risk of unauthorized disclosure, unsafe sharing via public URLs, and non-compliant handling of highly sensitive family and child data.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The code reads local file contents and uploads them, or forwards remote video URLs to a backend analysis API, without any visible user-facing disclosure or consent mechanism in this file. Because the skill operates on potentially sensitive infant video, silent transfer of local or remote media materially increases privacy and compliance risk.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The function logs the full prompt content in debug mode, which can expose sensitive user data, health-related observations, or monitoring context to logs and consoles. In this skill's infant-monitoring setting, prompts may contain especially sensitive household or medical-adjacent information, making unintended disclosure more serious.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: This code transmits identifiers and authentication-related data to remote services, including mobile/openId-derived values and headers carrying tokens/API keys, without any visible user-facing notice or consent mechanism in the file. For an infant-monitoring skill handling a highly sensitive home environment, undisclosed data transfer materially increases privacy and compliance risk.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The utility saves fetched user token data and profile information locally without any visible notification or consent handling in this code path. In a baby-monitoring context, covert persistence of authentication state can undermine user trust and create a durable privacy exposure if the local system or database is compromised.

Static analysis

Install untrusted source

Warn

Finding: Install source points to URL shortener or raw IP.

Dep not found on registry

Critical

Finding: 1 package(s) referenced in dependency files do not exist on their public registries: yaml (pypi)

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal