ClawHub

Teen Phone / Game Screen Addiction Detection | 青少年沉迷手机/游戏行为识别

Security checks across malware telemetry and agentic risk

Overview

The skill targets a sensitive teen-monitoring use case and has under-disclosed remote upload, identity, account, history, and health-analysis behavior that warrants Review before installation.

Install only after confirming who operates the remote API, exactly what video and identifiers are sent, whether accounts are created automatically, where tokens and reports are stored, how reports can be deleted, and that guardian plus adolescent consent is obtained. Replace the invalid `yaml` dependency with the intended package before any installation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (20)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill requests or implies powerful capabilities (environment access, file read/write, network, and shell execution) without declaring permissions or clearly constraining their use. In a skill that processes videos of minors, hidden capability breadth increases the risk of undisclosed data access, local persistence, and exfiltration beyond the user's expected posture-analysis function.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The documented behavior extends well beyond the stated adolescent screen-use analysis purpose by performing account login/registration, storing identity and auth tokens locally, and exposing generic cloud report retrieval functions. This mismatch is dangerous because users may consent to visual analysis of a child while unaware the skill also handles credentials, persistent identifiers, and broader cloud-linked data operations.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The skill instructs collection of an open-id from config files or directly from user identity attributes such as username or phone number, which exceeds the core visual-analysis purpose. For a minor-monitoring workflow, this expands data collection into sensitive personal identifiers and creates a pathway for unnecessary identity linkage across local files and cloud services.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The skill broadens scope from real-time monitoring to cloud-backed historical report querying and listing, increasing the amount and duration of personal data processing. In the context of monitoring minors, persistent history and remote retrieval materially raise privacy and surveillance risk, especially if users expected only ephemeral local reminders.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The workflow says uploaded videos are automatically saved locally and parent daily reports are persisted, which is a significant expansion from a simple monitoring/reminder feature. Storing raw or near-raw data about minors creates elevated risks of unauthorized access, secondary use, and long-term surveillance harms, especially because the skill itself states such video should not be stored long term.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The script is presented as an adolescent screen-addiction detector, but its core path delegates directly to a generic skill interface and exposes a pet-oriented selector (`cat`, `dog`, `other`). That mismatch is dangerous because it can cause users to rely on incorrect or mislabeled analysis in a sensitive child-monitoring context, undermining trust, consent, and safety decisions based on the output.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The help text states that an API key is required, but the code neither enforces its presence nor uses it in the analysis path. This creates a security boundary illusion: operators may assume authenticated remote analysis is happening when in fact requests may run unauthenticated or through unintended code paths, leading to misconfiguration and possible unauthorized service use.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The documented API behavior is materially inconsistent with the skill’s stated purpose. A skill presented as adolescent screen-use posture/addiction monitoring instead sends video to a generic remote analysis service that returns face detection, constitution typing, organ-condition assessments, and health advice, indicating hidden or overbroad functionality and possible deceptive data use. In the context of minors and home/school cameras, this mismatch significantly raises the risk of unauthorized sensitive processing.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
Inferring organ condition, constitution type, and health recommendations from uploaded video is unrelated to the stated screen-addiction use case and constitutes sensitive health profiling without justification. Because the skill targets adolescents and may operate in bedrooms, homes, or classrooms, such overcollection and ungrounded medical inference increases privacy, compliance, and misuse risks substantially.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The skill accepts arbitrary http/https video URLs and forwards them for analysis, which expands the data ingestion scope beyond the stated fixed-camera/home-school use case. This can enable analysis of third-party or untrusted remote content, increase privacy/compliance risk, and potentially let the backend fetch attacker-controlled URLs without clear origin restrictions.

Description-Behavior Mismatch

Low
Confidence
80% confidence
Finding
The code generates and exposes report export-image links that are not described in the manifest's reminder-focused behavior, creating an undocumented data access path. For a system processing minors' camera-derived behavior reports, extra export functionality increases privacy and unauthorized-sharing risk even if the code shown does not itself bypass access control.

Context-Inappropriate Capability

Low
Confidence
78% confidence
Finding
The skill includes report-history/list retrieval that is broader than the stated real-time detection and reminder purpose, which creates additional access to accumulated behavioral data. In the context of adolescent monitoring, retaining and exposing historical records raises privacy and surveillance concerns, especially if access scope and retention are not tightly controlled.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The request helper can silently create or log in a user account by sending a phone number/openId to an external health API before making ordinary requests. That behavior is unrelated to the stated camera-based screen-posture monitoring function and can cause undisclosed account creation, identity linkage, and transmission of personal data to a third party without explicit user consent.

Vague Triggers

Medium
Confidence
86% confidence
Finding
A broad default trigger that activates on any uploaded camera video can cause analysis of unintended content without clear user intent. In this context, that could lead to silent processing of sensitive footage from homes, bedrooms, or classrooms involving minors, which is especially risky given the cloud/reporting features described elsewhere.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill describes sensitive surveillance of minors in bedrooms, homes, and schools, plus cloud history retrieval, without a prominent upfront warning about privacy, remote processing, and data sharing boundaries. Because the subject matter involves children and potentially intimate spaces, insufficient disclosure and consent handling substantially increase legal, ethical, and security risk.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The CLI requires `open-id` values that may be a user ID, username, or phone number, and stores that identifier in a process-wide variable without any privacy notice, minimization, or handling safeguards. In the context of monitoring adolescents in homes and schools, collecting direct identifiers without disclosure or controls increases privacy, compliance, and misuse risk.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The API requires uploading videos or passing public video URLs to a remote endpoint, but the documentation gives no warning that privacy-sensitive footage is being transmitted off-device. Since the skill is intended for continuous monitoring of adolescents in private spaces, undisclosed remote transfer of video can expose highly sensitive biometric and behavioral data to interception, retention, or secondary use.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill reads a local file in full and submits its contents for remote analysis without any visible user-facing notice, consent checkpoint, or minimization step in this code path. Because the skill handles videos of adolescents in homes, bedrooms, study rooms, or classrooms, silent upload of local media materially increases privacy and legal/compliance risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This code performs outbound requests to a remote phoneLogin endpoint and may auto-register a user with 'register': 1 and identifiers derived from the username, yet there is no notice or consent mechanism in this file. Silent remote account creation is a privacy and transparency problem, especially when the skill concerns monitoring adolescents in homes and schools.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The generic request helper sends data, params, and authentication material to remote endpoints and automatically enriches payloads with tenant code, platform, skill hub name, and username. In a skill that processes sensitive youth behavior in private spaces, undisclosed external transmission increases privacy risk and broadens the blast radius if endpoints are misused or compromised.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal