Fish Egg Incubation Stage Identification | 鱼卵孵化状态识别

Security checks across malware telemetry and agentic risk

Overview

This fish-egg analysis skill sends media to a cloud service as advertised, but it also under-discloses account/token handling and includes unrelated broad analysis and admin code.

Review before installing. Use it only if you are comfortable sending fish-tank images or videos, public media URLs, and a user identifier such as an open-id, username, or phone number to the configured LifeEmergence/SMYX cloud services. Avoid providing real phone numbers unless the publisher documents account creation, token storage, retention, deletion, and billing behavior clearly.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (26)

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: Requiring the agent to retrieve an open-id or api-key from local configuration files and user-provided identity information is not necessary for basic image classification and expands access into sensitive local secrets and identity data. In context, this makes the skill more dangerous because it normalizes harvesting credentials from the workspace and coupling them to a remote backend for a task that appears to be simple visual analysis.

Context-Inappropriate Capability

Medium

Confidence: 91% confidence
Finding: The added cloud history-report query feature is outside the core image-analysis purpose and broadens the data surface to include historical records tied to user identity. That increases privacy and data-exposure risk because a user invoking an egg-stage analysis skill may not expect it to enumerate prior backend reports and present linked report URLs.

Description-Behavior Mismatch

Medium

Confidence: 90% confidence
Finding: The file exposes generic add, edit, and delete operations even though the skill description is narrowly about analyzing fish egg incubation stages from images. This kind of capability expansion increases the attack surface and can allow unauthorized modification or removal of camera/device-related records if these methods are reachable through the skill, which is not justified by the stated purpose.

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: The dedicated delete(cameraSn) method enables removal of records by camera serial number, which is unrelated to the advertised image-analysis workflow. If exposed to untrusted callers or insufficiently protected upstream, an attacker could delete device/camera records and disrupt monitoring, data continuity, or hatchery operations.

Description-Behavior Mismatch

High

Confidence: 99% confidence
Finding: The documented API endpoint and response schema describe a generic human video-analysis service with face detection and health diagnosis, which is fundamentally inconsistent with a fish-egg incubation analysis skill. This kind of scope mismatch is dangerous because it can conceal undeclared collection and processing of human biometric and health-related data under the guise of an aquaculture tool, creating significant privacy, compliance, and trust risks.

Context-Inappropriate Capability

High

Confidence: 99% confidence
Finding: The response format explicitly includes human face detection, face counts, and health/constitution diagnosis, none of which are justified by the stated purpose of analyzing fish eggs. In this skill context, that unjustified capability expansion is especially concerning because breeding-tank or mobile camera integrations could incidentally capture people, enabling covert biometric or sensitive health inference.

Description-Behavior Mismatch

Medium

Confidence: 90% confidence
Finding: This service exposes generic CRUD-style operations (`page`, `list`, `add`, `edit`, `delete`) that go beyond the narrowly described fish-egg incubation analysis function. In a skill that is supposed to analyze images and report incubation stages, broad record-management endpoints increase attack surface and can enable unauthorized inventory, modification, or removal of camera-related or analysis records if higher layers do not strictly enforce authorization.

Context-Inappropriate Capability

High

Confidence: 96% confidence
Finding: The `delete(cameraSn)` method provides a direct resource-deletion capability tied to a camera identifier, which is not justified by the skill's stated purpose of passive egg-stage image analysis. In the context of a breeding-tank monitoring skill, unauthorized deletion of camera resources or associated records could disable monitoring, cause loss of operational visibility, and disrupt hatch timing decisions during a critical incubation window.

Description-Behavior Mismatch

High

Confidence: 96% confidence
Finding: The implementation accepts arbitrary local files and remote media for submission to a backend analysis service, while the declared skill purpose is narrowly scoped to fixed-camera fish-egg incubation image analysis. This scope mismatch creates a capability-expansion risk: the skill can be repurposed as a generic media upload/analysis conduit, enabling unintended data exfiltration or processing of unrelated sensitive content.

Context-Inappropriate Capability

Medium

Confidence: 93% confidence
Finding: The code accepts arbitrary http/https URLs and forwards them to the analysis API, even though the skill description implies local fixed-camera capture rather than open network ingestion. This can be abused to analyze attacker-controlled remote content, trigger backend fetches of untrusted resources, or bypass expected trust boundaries around locally captured breeding-tank imagery.

Description-Behavior Mismatch

High

Confidence: 93% confidence
Finding: The implementation materially diverges from the declared fish-egg incubation image-analysis purpose by exposing a generic video-analysis and history-listing workflow. This kind of scope mismatch is dangerous because users, reviewers, and policy controls may grant trust based on the benign manifest while the code enables broader data processing and backend access than expected.

Context-Inappropriate Capability

Medium

Confidence: 89% confidence
Finding: Accepting arbitrary network video URLs expands the attack surface beyond a fixed-camera/local monitoring tool and can let the backend fetch attacker-controlled remote content. If downstream components retrieve the URL server-side, this may enable SSRF-style access, unexpected data exfiltration, or processing of untrusted remote media outside the intended breeding-tank context.

Description-Behavior Mismatch

High

Confidence: 94% confidence
Finding: This file exposes a generic network client abstraction with pagination plus arbitrary POST/PUT/GET/DELETE wrappers that are not constrained to fish-egg incubation analysis workflows. In the context of a narrowly described vision-analysis skill, these broad remote-call capabilities materially expand the skill's authority and could be reused to contact unrelated endpoints or perform unintended actions if other components pass attacker-controlled URLs or parameters.

Context-Inappropriate Capability

Medium

Confidence: 88% confidence
Finding: The code includes remote resource management behavior such as add, edit, delete, and download URL generation, none of which are justified by the stated purpose of classifying fish egg incubation stages from images. That mismatch increases the chance that the skill can manipulate or expose remote resources beyond user expectations, especially if integrated into a larger agent platform where these methods are reachable indirectly.

Context-Inappropriate Capability

Medium

Confidence: 90% confidence
Finding: The configuration code reads platform/user identity values from environment variables such as OPENCLAW_SENDER_OPEN_ID, OPENCLAW_SENDER_USERNAME, and FEISHU_OPEN_ID, even though those identifiers are not justified by the stated fish-egg incubation analysis purpose. This expands the skill's access to potentially sensitive runtime identity data and creates unnecessary coupling between a narrow vision-analysis skill and broader platform identity context.

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: The file includes a very large set of scene capability identifiers spanning unrelated domains such as health, child monitoring, workplace stress, and many other surveillance or diagnostic scenarios. For a fish-egg incubation skill, this over-broad capability surface is suspicious because it suggests code reuse or latent access to functionality well beyond the declared purpose, increasing the risk of privilege creep and misuse.

Description-Behavior Mismatch

Medium

Confidence: 94% confidence
Finding: The file implements a generic user-account DAO with token and profile storage that is unrelated to the stated fish-egg incubation image-analysis purpose. In a narrowly scoped vision skill, unexplained identity/account persistence increases the attack surface and creates unjustified retention of user-related data, which is a meaningful security and privacy concern even if not overtly malicious.

Context-Inappropriate Capability

Medium

Confidence: 96% confidence
Finding: The model stores token and open_token fields alongside user identity data without justification from the skill's breeding-analysis purpose. Persisting authentication-like secrets in a local SQLite database broadens compromise impact: if the database is exposed, an attacker may obtain reusable credentials or integration tokens unrelated to fish-egg analysis.

Description-Behavior Mismatch

High

Confidence: 98% confidence
Finding: This shared utility performs far more than generic request handling: it can automatically create or log in remote accounts, persist returned tokens, attach authentication headers, and branch into payment-related flows. For a fish-egg incubation analysis skill, this is unjustified hidden capability that expands the trust boundary and can transmit or manipulate user-linked accounts without clear consent, making compromise, privacy leakage, or unauthorized service use much more likely.

Context-Inappropriate Capability

High

Confidence: 99% confidence
Finding: The nested _get_or_create_user function silently posts identifiers such as openId and mobile to an external health API and can register a user automatically with register=1. In the context of image-based fish egg stage detection, this behavior is unrelated and dangerous because it can create external accounts and disclose user identifiers without necessity or user awareness.

Context-Inappropriate Capability

Medium

Confidence: 93% confidence
Finding: The utility returns a payment recharge workflow message when it receives status 402, including instructions to install another payment skill and top up an account. That billing logic is unrelated to incubation-stage detection and indicates hidden monetization/account coupling, which can mislead users and create unauthorized cross-skill interactions.

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The API documentation instructs clients to upload videos or submit public video URLs together with an API key, but provides no warning about privacy, retention, or handling of potentially sensitive captured footage. In a camera-based skill, this increases the risk of users unknowingly transmitting footage that may include people, homes, or other sensitive surroundings without informed consent or clear data-governance expectations.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill reads the entire local file into memory and uploads it to the analysis API without any visible user disclosure, consent step, or warning in this code path. For a skill presented as aquarium incubation assistance, silent transmission of user media creates privacy and data-handling risk, especially if operators assume processing is local or device-bound.

Missing User Warnings

Medium

Confidence: 78% confidence
Finding: The CLI requires an open-id that may be a phone number, username, or other personal identifier, but provides no minimization, masking, consent notice, or privacy guidance. This creates unnecessary privacy risk because sensitive identifiers may be exposed in shell history, logs, process listings, or stored service-side without clear disclosure.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill accesses environment variables containing user identifiers without any indication in the skill description or code comments that potentially sensitive runtime metadata is being consumed. In the context of a narrow fish-egg image-analysis skill, undisclosed access to identity-related environment data is unnecessary and increases privacy and data-minimization risk.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal