Back to skill

Security audit

Pet Stool Morphology Recognition Analysis | 宠物排便形态识别(狗厕所/户外)

Security checks across malware telemetry and agentic risk

Overview

The skill appears to perform the advertised cloud pet-stool image/video analysis, but it also creates or reuses account identity, stores token-like data, and accesses report history with incomplete user-facing controls.

Review this skill before installing. It sends pet images/videos or URLs to Life Emergence backend services and may link those reports to a persistent local identity, create/reuse an account identifier, store token-like values in the workspace data directory, and retrieve historical reports. Install only if you are comfortable with those account, media upload, history, and retention behaviors, and ask the publisher for clear deletion, retention, and credential-storage documentation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • YARA SignaturesMalware Match, Webshell Match, Cryptominer Match
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (20)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill exposes operational capabilities including local file handling, shell execution, network access, and environment usage, but does not declare permissions or provide equivalent transparency. This creates a trust gap: users and hosting agents cannot accurately assess what the skill may access, increasing the risk of unexpected data access or outbound transmission when processing uploads and URLs.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The script exposes a `--list` pathway that retrieves prior pet health analysis records via `skill.get_output_analysis_list(open_id=open_id)`, but this capability is not reflected in the stated skill purpose, which is limited to analyzing user-supplied media. Undisclosed history retrieval expands the data-access surface and can expose prior sensitive pet-health observations if triggered unexpectedly or if identity resolution is weak.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The code initializes and relies on an internal user identity (`OpenIdUtil.resolve_current_open_id(...)` and `ConstantEnum.CURRENT__OPEN_ID`) even though the skill is presented as simple image/video analysis. Hidden identity binding creates a privacy and authorization risk because media-analysis requests can implicitly become account-scoped data operations, especially when combined with the listing capability.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
This service exposes broad generic CRUD and arbitrary HTTP wrapper methods that are not constrained to the stool-image analysis use case. In an agent skill that accepts user-provided files and network URLs, these primitives can enable unintended backend actions or access to unrelated internal APIs if higher layers pass attacker-influenced endpoints or payloads.

Description-Behavior Mismatch

Medium
Confidence
83% confidence
Finding
The file implements a generic user account persistence layer, including identifiers and tokens, which is not justified by a dog stool morphology analysis skill. This creates unnecessary collection and retention of personal/authentication-related data, increasing privacy and misuse risk if the database is exposed or reused across skills.

Context-Inappropriate Capability

High
Confidence
92% confidence
Finding
The User model persists token and open_token fields even though the declared skill only performs pet stool image/video analysis. Storing credential-like material without clear necessity substantially increases account compromise risk if the local SQLite database is read by another component, leaked, or shared across agent workspaces.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The utility code creates and persists user identities/open IDs and updates global current-user state, which materially exceeds the declared stool-image analysis purpose. This hidden identity provisioning can cause undisclosed account creation, cross-session tracking, and unauthorized reuse of local identities, especially in an agent workspace shared with other skills or users.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The HTTP helper does far more than issue API calls: it auto-resolves identities, attempts remote account bootstrap, loads tokens from local storage, and persists returned tokens locally. For a stool morphology skill, this is unexpected and creates a hidden authentication/data-flow surface that could expose user identity, enable silent account linkage, and persist secrets beyond user awareness.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The code probes environment variables, script paths, and workspace layout to detect agent context and choose data/skills directories. That behavior is unrelated to stool recognition and increases the skill's visibility into host structure, which can aid fingerprinting, data discovery, and unintended interaction with other agent workspaces.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
This code reads a local API-key-associated file and accesses database-backed user records to reuse or create identities unrelated to pet stool morphology recognition. Such undisclosed local identity harvesting and persistence can expose sensitive workspace data and create persistent tracking or account takeover risks if the local store is shared or compromised.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill states that uploaded attachments or media files are automatically saved as local files, but it does not clearly warn users that their uploads will persist on disk. This can expose sensitive pet-health or household imagery to unintended retention, later access by other processes, or forensic recovery if local storage is not properly managed.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill sends user-provided images, videos, or URLs to server-side/cloud APIs for analysis and historical report retrieval without a clear privacy or transmission warning. Even if the content is not highly regulated medical data, it may still reveal household environment, location clues, pet ownership, and behavioral patterns that users may not expect to leave the local system.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill documents automatic reuse or creation of a default local user identity to associate reports, while explicitly preventing disclosure of that identity to the user. Hidden identity persistence and silent report linkage can cause cross-session tracking and accidental mixing of data between users on shared systems, with no informed consent or visibility.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The comment and implementation indicate hidden internal identity resolution that is neither required from the user nor shown in help output. This lack of transparency is dangerous because it can silently associate requests with a user account and enable access to historical analysis data without clear user awareness or informed consent.

Missing User Warnings

Medium
Confidence
79% confidence
Finding
The function sends user-supplied local paths or URLs to a backend analysis service via skill.get_output_analysis without any explicit notice, consent flow, or visible data-handling warning. In a pet-health context, uploaded media may contain private household imagery, location clues, or bystander content, so silent transmission to a remote service creates a meaningful privacy and data-governance risk.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill silently reads data/smyx-api-key.txt to derive an internal identity value without disclosure. Even if intended as convenience, accessing a sensitive workspace credential artifact behind the scenes violates least surprise and can leak or misuse credentials from outside the skill's stated purpose.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The request helper injects identity and authorization headers and sends identity-bearing fields such as pnaUserName/openId without any user-facing notice. In a media-analysis skill, this hidden transmission expands privacy risk because users may believe only image/video content is being analyzed, not that account identifiers are also being sent upstream.

External Transmission

Medium
Category
Data Exfiltration
Content
"source": ConstantEnum.DEFAULT__SKILL_HUB_NAME
            }
            try:
                _response = requests.post(_url, json=_data)
                if _response.status_code == 200:
                    _response_json = _response.json()
                    if _response_json and _response_json.get("success"):
Confidence
91% confidence
Finding
requests.post(_url, json=

Hidden Instructions

High
Category
Prompt Injection
Content
|---|---|
| 📚 文档读取 | 仅在需要时读取参考文档,保持上下文简洁 |
| 📁 格式支持 | 文件要求:支持 jpg/jpeg/png/bmp/webp 图像 与 mp4/avi/mov 视频,最大 10MB |
| 🧑‍⚖️ 结果性质 | 分析结果仅供健康参考,不提供疾病诊断或治疗建议 |
| 🚫 脚本限制 | 禁止临时生成脚本,只能用技能本身的脚本 |
| 🌐 网络地址 | 传入的网络地址参数,不需要下载本地,默认地址都是公网地址,API 服务会自动下载 |
| 📜 报告输出 | 当显示历史分析报告清单的时候,从接口返回 json 数据中提取字段 `` 作为超链接地址,且自动转化为如下 Markdown |
Confidence
82% confidence
Finding

YARA rule 'agent_skill_mcp_tool_poisoning_metadata': MCP/tool metadata poisoning indicators in tool schemas or skill manifests [agent_skills]

High
Category
YARA Match
Content
---
name: "smyx-pet-stool-morphology-recognition-analysis"
description: "Triggers when a user provides an image/video URL or file of dog toilet area or outdoor dog-walking path for analysis; supports local uploads or network URLs to call server-side APIs for pet stool morphology recognition, analyzing stool color (brown, black, red, white), shape (formed, loose/soft, watery, granular hard), and the presence of blood or mucus, outputting standardized abnormal observation features to help early discovery of gastrointestinal diseases (without diagnosing diseases). Application scenarios: dog toilets, outdoor dog-walking path cameras, pet health monitoring, multi-pet households. | 当用户提供狗厕所或户外遛狗路径区域的粪便图像/视频时,触发本技能进行排便形态识别分析;支持通过上传本地文件或网络URL,调用服务端API识别粪便颜色(棕、黑、红、白)、形状(条状、稀糊、颗粒)、是否带血或粘液,输出异常特征观察结果,帮助早期发现肠胃疾病(不诊断疾病)。应用场景:狗厕所、遛狗路径摄像头、宠物健康监测、多宠家庭。"
version: "1.0.5"
license: "MIT-0"
---
Confidence
84% confidence
Finding
description:; ‍

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

Detected: suspicious.install_untrusted_source

Install source points to URL shortener or raw IP.

Warn
Code
suspicious.install_untrusted_source
Location
skills/smyx_common/scripts/config-dev.yaml:2