Back to skill

Security audit

Pet Adaptive Drying Temperature Recommendation | 宠物烘干温度自适应推荐

Security checks across malware telemetry and agentic risk

Overview

This skill mostly matches its pet-analysis purpose, but it silently creates or reuses identity state, registers/logs in to a cloud service, stores tokens locally, and can query cloud history without clear user confirmation.

Review before installing. Use it only if you are comfortable sending pet images/videos or URLs to the Life Emergence cloud service and allowing the skill to create/reuse a local identity, store session tokens in a workspace SQLite database, and query cloud report history. Avoid installing it in highly sensitive workspaces unless you have reviewed the endpoints, retention expectations, and local data files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (20)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
if filters:
                for key, value in filters.items():
                    query = query.filter(getattr(self.__model__, key) == value)

            if offset:
                query = query.offset(offset)
Confidence
79% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
if filters:
                for key, value in filters.items():
                    query = query.filter(getattr(self.__model__, key) == value)

            return query.scalar()
        finally:
Confidence
78% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill advertises and instructs use of shell execution, file read/write, network access, and environment-dependent behavior without declaring permissions or constraining when those capabilities may be used. This creates a hidden trust boundary: a caller may believe the skill is low risk while it can process local files, fetch remote content, and query cloud APIs, increasing the chance of unintended data access or SSRF-style abuse via supplied URLs.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The script includes a hidden `--list` mode and suppressed `--open-id` parameter that allow retrieval of prior analysis records by user identity, which is outside the advertised drying-temperature recommendation function. This creates an unnecessary data-access surface and may expose historical user-associated records if identity resolution or authorization checks in downstream helpers are weak or bypassable.

Context-Inappropriate Capability

Low
Confidence
81% confidence
Finding
The skill exposes a report-history listing capability unrelated to the declared single-analysis workflow, increasing the accessible data surface. If invoked without strong caller scoping or authorization in downstream services, it could reveal prior analysis metadata or report links to unauthorized users.

Context-Inappropriate Capability

Low
Confidence
74% confidence
Finding
The historical listing capability expands the skill beyond its declared single-item analysis purpose and may expose prior analysis outputs tied to an open_id. In a media-analysis context involving pet photos/videos and possibly user-associated identifiers, unnecessary history access increases privacy and data exposure risk if invoked without clear authorization boundaries.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The `get_user_by_username` helper introduces generic account-enumeration capability that is unrelated to pet image analysis or temperature recommendation. In a skill that should process pet media, exposing user lookup expands the reachable attack surface and may enable unauthorized querying of account data or support later privilege abuse if other components call this method with untrusted input.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
This file exposes broad generic CRUD wrappers and arbitrary HTTP verbs that are far wider than the declared purpose of pet drying analysis. In context, such reusable network primitives can be repurposed by other skill code to access unintended backend endpoints or transmit unexpected data, violating least privilege and increasing the chance of data exfiltration or unauthorized actions.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
This file implements a generic persistent user/account DAO and shared SQLite storage layer, which materially exceeds the declared scope of a pet-image drying-temperature analysis skill. Scope mismatch increases risk because it introduces durable identity handling and cross-feature data persistence that could collect or retain user information unrelated to the advertised function.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The User model stores identity and authentication-related fields including username, realname, email, token, and open_token, none of which are necessary for pet drying curve generation from an image/video. In this skill context, collecting and persisting such data is especially risky because users would not reasonably expect account/token storage from a pet-care analysis feature, increasing privacy and credential exposure impact if the local database is accessed.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
This utility provisions and persists user identity state unrelated to the declared pet-drying analysis function, including reading fallback identity values and creating default user identities. That creates hidden account/identity management behavior and expands the skill's authority beyond what a user would reasonably expect from an image-based temperature recommendation tool.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The HTTP wrapper silently performs phone-login/registration, obtains tokens, caches them, and injects them into outbound requests. For a pet image drying-analysis skill, this is overprivileged behavior that can create accounts and transmit credentials without informed user action, significantly increasing privacy and misuse risk.

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
The code inspects workspace layout, identifies agent context, and creates agent-scoped data and skills directories. While not directly exploitative on its own, these capabilities are broader than needed for pet drying analysis and can facilitate persistence, cross-skill state management, and future expansion into modifying the local agent environment.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The default trigger is broad enough to activate on essentially any pet full-body image or video, even when the user did not clearly request drying-temperature analysis. Overbroad invocation can cause unnecessary processing of user media and unintentional transmission of sensitive files or URLs to backend services.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The history-report function is set to auto-trigger from broad keyword matching, which risks exposing cloud-stored report metadata when a user merely mentions reports in passing. Because report retrieval is tied to an internal identity flow, unintended activation could leak private historical records associated with the current account context.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The code forwards user-supplied remote URLs or uploads full local file contents to an external analysis service without any visible consent, notice, or data-handling disclosure in the skill flow. In a pet-image/video context, this can transmit sensitive household imagery, metadata, or third-party-hosted content unexpectedly, creating privacy and compliance risk.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script accepts local file paths or remote URLs and forwards the media for analysis through backend APIs, but it provides no explicit user-facing notice that content will leave the local environment. Because the skill handles full-body pet images/videos and can also process network URLs, undisclosed transmission can surprise users, violate privacy expectations, and increase the chance of sending sensitive or proprietary media to external services.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The code reads a workspace file named smyx-api-key.txt to derive an internal identity value without any visible disclosure or consent mechanism. Accessing sensitive local identity material in a skill whose manifest describes pet media analysis violates user expectations and can enable unauthorized account association or impersonation.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
Outbound requests automatically attach user identifiers and tokens such as X-Access-Token, X-Api-Key, Authorization, and pnaUserName, with no user-facing notice in this code path. In the context of a pet-care skill, covert transmission of identity/authentication data materially raises privacy and account-security risk if endpoints are misused, compromised, or broader than advertised.

External Transmission

Medium
Category
Data Exfiltration
Content
"source": ConstantEnum.DEFAULT__SKILL_HUB_NAME
            }
            try:
                _response = requests.post(_url, json=_data)
                if _response.status_code == 200:
                    _response_json = _response.json()
                    if _response_json and _response_json.get("success"):
Confidence
93% confidence
Finding
requests.post(_url, json=

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.install_untrusted_source

Install source points to URL shortener or raw IP.

Warn
Code
suspicious.install_untrusted_source
Location
skills/smyx_common/scripts/config-dev.yaml:2