ClawHub

Pregnant Prolonged-Standing / Over-Fatigue Detection | 孕妇久站/过度劳累识别

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it handles highly sensitive pregnancy-related home video and identifiers with under-scoped cloud, account, token, and history behavior that needs review before installation.

Install only after confirming you are comfortable sending private home video and pregnancy-related activity data to the listed remote services, linking reports to an identifier such as a username or phone number, and allowing local/cloud history and token storage. Prefer a version with explicit consent prompts, pseudonymous IDs, restricted endpoints, no face or diagnostic analysis, clear retention/deletion controls, and secure token storage.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (27)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill declares no permissions while instructing use of environment access, local file read/write, shell execution, and network/API communication. This is dangerous because it obscures the actual trust boundary: users may believe the skill is a local posture-analysis helper, while it can access config files, collect identifiers, upload sensitive home video, and persist data remotely.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The documented purpose is maternal posture/fatigue monitoring, but the behavior includes backend login/account linkage, token handling, historical cloud record access, and unrelated parameters like petType. This mismatch is dangerous because it can mislead users and reviewers about what the skill actually does, hiding collection of credentials/identifiers and remote persistence of sensitive health-monitoring data.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The skill requires obtaining an open-id from config files or directly from usernames/phone numbers, then uses it to save and query cloud-side history. In the context of pregnancy-related monitoring, this links highly sensitive health/behavioral data to personal identifiers, increasing privacy risk, re-identification risk, and the consequences of backend compromise or misuse.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The skill expands from posture/fatigue reminders into cloud-backed historical report listing and direct retrieval of report URLs. That broader functionality increases the amount of sensitive data exposed and changes the privacy profile of the skill, especially when combined with home video and maternal health context.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The API documentation describes a broad remote video-analysis service that performs face detection and generalized health/constitution diagnosis, which materially exceeds the stated purpose of a pregnancy posture-fatigue reminder skill. This mismatch indicates undocumented data collection and inference on sensitive biometric and health data, increasing the risk of privacy violations, over-collection, and deceptive processing beyond user expectations.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
Face detection and broad organ/health diagnosis from uploaded video are unjustified for detecting standing duration and bending frequency. In the context of a home monitoring skill for pregnant women, these capabilities process especially sensitive biometric and medical-adjacent data without a demonstrated need, expanding both harm from misuse and compliance risk.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The skill accepts arbitrary http/https URLs and forwards them for backend analysis, which expands the trust boundary far beyond the stated fixed-camera/home-app use case. This can enable server-side request forgery, analysis of unintended third-party content, or privacy violations if internal or sensitive URLs are supplied; in a pregnancy-monitoring context, the mismatch is more concerning because the skill handles highly sensitive health-related video.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The code generates report export links not described in the manifest, creating an undisclosed data-access surface for analysis outputs. For a maternal-health monitoring skill, hidden export functionality can expose sensitive posture/health assessment data to users or integrations that were only expecting reminder behavior.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
Historical report enumeration is broader than the declared real-time reminder workflow and can expose prior analyses at scale. In this context, listing past pregnancy-related monitoring results increases privacy risk, enables bulk metadata disclosure, and may reveal sensitive behavioral or health patterns beyond what users reasonably expect.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
This file exposes broad generic CRUD wrappers and arbitrary HTTP verb helpers that are not constrained to the posture/fatigue-monitoring use case described in the skill metadata. In a privacy-sensitive pregnancy-monitoring context, such generic outbound request capability can enable transmission of camera-derived or health-related data to unexpected endpoints, expanding the attack surface and making misuse harder to audit.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The helper methods allow arbitrary outbound network requests based on caller-supplied URLs, with no visible validation or domain restrictions in this file. In a home camera system processing sensitive pregnancy and behavioral data, this creates a serious exfiltration and SSRF-style risk because other components can send data or trigger requests to attacker-controlled or unintended destinations.

Description-Behavior Mismatch

Medium
Confidence
78% confidence
Finding
The module initializes a local SQLite database, creates tables, and mutates schema for user-related data even though the declared skill purpose is posture/fatigue monitoring. In a home camera skill focused on a pregnant user, unexplained persistence broadens the data-collection surface and can enable unnecessary retention of sensitive profile or token data without clear need or consent.

Context-Inappropriate Capability

Medium
Confidence
82% confidence
Finding
The code defines storage for user account/profile fields including username, email, birthday, age, sex, token, and open_token, which is difficult to justify for a posture/fatigue reminder skill. Because the application context involves pregnancy monitoring in private spaces, collecting and persisting identity and token data increases privacy risk and potential harm if the device or database is accessed by others.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The utility contains an automatic remote login/account-creation flow (`/sys/phoneLogin`) that is unrelated to the stated posture/fatigue monitoring purpose. It transmits a username/mobile/openId to a backend and can silently register users, which creates privacy, consent, and account-abuse risk—especially in a maternal-health context handling sensitive user populations.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The code loads, stores, and reuses API tokens/open tokens from local persistence via `UserDao`, extending credential lifetime beyond a single request and beyond the skill's advertised behavior. Long-lived token persistence increases the blast radius of local compromise and is not justified by the posture-analysis functionality shown here.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
This shared request helper performs broad authenticated API activity, including user bootstrap, token handling, retry logic, and payment/account-failure messaging that are not reflected in the posture/fatigue skill description. Such capability expansion increases attack surface and enables backend operations beyond the user's reasonable expectations for a camera-based fatigue reminder skill.

Vague Triggers

Medium
Confidence
84% confidence
Finding
A broad default trigger on any uploaded home-camera video can cause the skill to activate in situations beyond the user’s intended pregnancy-fatigue analysis context. In a privacy-sensitive setting involving home surveillance footage, overbroad invocation increases the chance of unnecessary processing, transmission, or storage of sensitive video.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill does not prominently disclose that uploaded home video and related report data are sent to a remote API/cloud service for analysis and history queries. Because the content involves in-home video of a pregnant woman and inferred health-related activity, failure to disclose off-device transfer creates severe privacy and consent risks and could expose highly sensitive personal data to external systems without informed user awareness.

Missing User Warnings

High
Confidence
99% confidence
Finding
The skill asks for username or phone number as open-id to store and query pregnancy-related monitoring reports, but lacks a strong warning about linking sensitive health-monitoring records to real-world identifiers. This is especially dangerous because it enables straightforward identity correlation of intimate in-home behavioral data, increasing risks from unauthorized access, tracking, profiling, and secondary use.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The API documentation describes continuous in-home camera monitoring of a pregnant woman, including ROI selection, full-body observation, and target locking by appearance, but it does not warn about privacy implications, consent requirements, retention, or bystander capture. In this context, the omission is dangerous because the skill operates in highly sensitive domestic spaces and processes health-adjacent data about a vulnerable person, which can lead to covert surveillance, misuse of intimate footage, and noncompliant deployment.

Missing User Warnings

Medium
Confidence
72% confidence
Finding
The tool accepts a sensitive identifier such as OpenID, username, or phone number directly on the command line, which can be exposed through shell history, process listings, audit logs, or job schedulers. In the context of pregnancy-related monitoring, linking health-analysis activity to directly identifying information raises meaningful privacy risk and could expose sensitive medical inferences.

Missing User Warnings

Medium
Confidence
76% confidence
Finding
Allowing a user-supplied video URL without visible validation or restrictions can enable unintended outbound requests to arbitrary hosts, potentially exposing internal network access patterns or causing retrieval of sensitive remote content if downstream components fetch the URL. In a home health-monitoring context, remote video ingestion also increases the chance of transmitting highly sensitive footage outside trusted boundaries.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation instructs clients to upload video files or video URLs to a remote server but does not warn that this may transmit sensitive biometric and health-related data. Because the skill targets pregnant women in private home environments, the omission undermines informed consent and can expose highly sensitive household footage and inferred health information to unexpected remote processing.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The skill reads an entire local file and uploads it to the analysis service without any user-facing warning or confirmation in this code path. Because the content may be home video of a pregnant woman, silent upload creates significant privacy and consent concerns, especially for sensitive health-adjacent footage collected in domestic settings.

Missing User Warnings

Medium
Confidence
76% confidence
Finding
The constructor silently creates a local database and later performs schema alteration without any surrounding disclosure, consent flow, or explicit opt-in in this code path. In the context of a home monitoring skill handling potentially sensitive maternal-health-related data, silent persistence materially increases privacy and trust risks, even if it is not a classic exploit primitive.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal