Thermal Relative Fever Screening (Multi-Person Gathering) | Relative Body-Temperature Anomaly Detection During Multi-Person Family Gatherings

Security checks across malware telemetry and agentic risk

Overview

This skill matches a remote health-video analysis workflow, but it handles sensitive footage and identity data with under-disclosed account creation, token storage, and broader analysis behavior than the fever-screening description suggests.

Review this carefully before installing. Only use it if you are comfortable sending thermal or video footage and persistent identifiers to the listed external services, and if all recorded people have consented. Do not reuse an API key as a user identifier. Avoid installing until the publisher narrows the API scope to fever screening, removes hidden account/token persistence or documents it clearly, and adds explicit upload, retention, deletion, and history-access controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (22)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
            if filters:
                for key, value in filters.items():
                    query = query.filter(getattr(self.__model__, key) == value)

            if offset:
                query = query.offset(offset)
Confidence
81% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
            if filters:
                for key, value in filters.items():
                    query = query.filter(getattr(self.__model__, key) == value)

            return query.scalar()
        finally:
Confidence
81% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The skill includes cloud history-report queries and persistent handling of user identifiers beyond the immediate analysis task. For a health-screening workflow, retaining and querying historical records increases privacy risk, enables profiling, and creates unnecessary exposure of sensitive participant data.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The instructions explicitly direct the agent to read configuration files and repurpose an 'api-key' as an open-id. Using a secret from config as a user identifier is a credential misuse pattern that can leak secrets, confuse identity boundaries, and cause unauthorized access to cloud resources or other users' records.

Description-Behavior Mismatch

Medium
Confidence
83% confidence
Finding
The documentation says open-id is mandatory, while also presenting optional API-key usage and remote-service processing. This inconsistency obscures the real trust and authentication model, making it easier to send sensitive thermal video to remote services without clear user understanding of identity, authorization, and data flow.

Intent-Code Divergence

High
Confidence
95% confidence
Finding
The inline comment and corresponding logic indicate the skill may inject a `petType` parameter into analysis requests, which directly conflicts with the stated human fever-screening purpose. In a health-monitoring skill deployed in homes, schools, or care settings, this kind of hidden cross-domain parameter strongly suggests code reuse or undocumented behavior that can misroute analysis, produce misleading results, or send data to a backend expecting different semantics.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
Adding `petType` to the analysis request is inconsistent with the declared purpose of measuring human relative temperature anomalies. In this context, undocumented parameters sent to a backend health-analysis service are risky because they can alter model selection or routing, cause incorrect health alerts, and indicate hidden functionality or repurposed infrastructure handling data outside user expectations.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The API document describes a generic remote video-analysis endpoint that performs face detection and broad health inference, which materially exceeds the skill’s declared purpose of relative thermal fever anomaly screening. This scope mismatch is dangerous because it can conceal undeclared collection and processing of sensitive biometric and health data, creating a strong risk of deceptive behavior, overcollection, and unauthorized secondary use.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The documented outputs infer constitution type, organ condition, complexion-based interpretations, and lifestyle advice from video, which are highly sensitive health-related claims unrelated to simple fever pre-screening. In this skill context, those inferences are especially dangerous because the deployment targets homes, kindergartens, and nursing facilities, increasing the risk of intrusive profiling, misdiagnosis, and inappropriate monitoring of vulnerable individuals.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The implementation accepts arbitrary local files or remote video URLs and forwards them to a backend `analysis` API without constraining processing to the advertised thermal relative-fever use case. In a health-monitoring context, this creates scope creep into broader face/health analysis and enables collection or processing of sensitive biometric/health data beyond user expectations, increasing privacy and compliance risk.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The historical report listing exposes generalized `healthAssessment.subject` values from prior analyses rather than only relative temperature anomaly alerts. In this skill's context—screening people in homes, meeting rooms, kindergartens, and nursing homes—showing broader health assessment data materially increases exposure of sensitive health information and may disclose data unrelated to the stated purpose.

Description-Behavior Mismatch

Medium
Confidence
82% confidence
Finding
The CLI permits arbitrary URL-based video analysis and historical listing functionality that exceed the stated local fever-screening use case. In a health-monitoring context, this broader interface can enable unintended processing of remote videos and access to prior analysis data, increasing privacy risk and making it easier to repurpose the skill beyond the user-expected on-premises thermal screening workflow.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The file implements a generic persistence layer and a sys_user model with account-oriented fields that are not necessary for the described thermal fever-screening function. This mismatch between manifest and code is a strong indicator of overcollection or hidden functionality, increasing the risk that the skill processes personal data beyond user expectations. In a health-monitoring context, undeclared identity storage is especially sensitive because it can link health-related observations to specific individuals.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The User model stores authentication tokens, open tokens, email, birthday, age, and sex even though the skill is presented as a relative-temperature anomaly detector. Collecting and persisting tokens plus personal profile data creates substantial privacy and account-compromise risk, especially if the local SQLite database is accessed by other processes or exfiltrated. In this context, combining health screening with unnecessary identity and token storage materially increases harm because it enables correlation of sensitive health signals with user identities and credentials.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The generic HTTP helper contains unrelated account provisioning, token bootstrap, persistence of returned tokens, and billing-failure handling that go far beyond a thermal fever-screening utility. Embedding these side effects in a low-level request function makes any caller implicitly trigger identity and payment-related flows, increasing the chance of undisclosed data transmission, unauthorized account creation, and abuse if the utility is reused broadly.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
This code can silently create or log into a remote user account using a username/mobile/openId and then store received tokens, despite the skill being described as health anomaly detection. In this context, hidden account provisioning is especially concerning because users would not expect a fever-screening feature to register them with external services or couple health monitoring to platform identity creation.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The utility injects recharge/payment workflow messaging when a 402 response occurs, which is unrelated to detecting temperature anomalies and indicates hidden monetization behavior inside infrastructure code. This can manipulate users into installing additional skills or making payments from within a health-related feature, creating trust and transparency issues.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrases are broad enough to activate on general health-related conversation, not just explicit requests to analyze thermal footage. Overbroad auto-triggering can cause unexpected processing of sensitive health content or accidental invocation of cloud/report features without deliberate user intent.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill handles thermal video and derives health-related alerts, yet it lacks a clear upfront notice that data may be saved, transmitted to a cloud API, and tied to persistent identifiers and historical reports. In this context, insufficient disclosure is especially dangerous because the content concerns sensitive biometric/health-adjacent information and may involve children or elderly people.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The API supports uploading video files or sending publicly accessible video URLs but provides no warning about transmitting footage of people in private or semi-private spaces to a remote server. Because the skill is designed for continuous monitoring in homes and care settings, this omission raises real privacy and surveillance risks, especially where bystanders, children, or elderly people may be recorded without informed consent.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The code reads the full contents of a local file and transmits it to a remote analysis service, but this path contains no user-facing notice, consent confirmation, or privacy guardrails. For a skill dealing with potentially sensitive videos of people in private spaces and health-related inference, silent upload of local media creates a meaningful confidentiality and compliance risk.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The code sends user identifiers such as mobile/username/openId and attaches authentication headers (X-Access-Token, X-Api-Key, Authorization) to outbound requests without any visible consent, disclosure, or minimization in this file. In a health-screening context, this is more dangerous because it can link sensitive health-related activity with persistent identity and auth data on remote services.

VirusTotal

65/65 vendors flagged this skill as clean.
