Flowering Date Prediction | 开花植物花期预测

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill claims to predict flower bloom dates, but its artifacts are mixed with unrelated pet, generic video, and human health analysis behavior plus account and token handling that needs review before installation.

Do not install this version unless the publisher explains and fixes the domain mismatch, removes unrelated pet/human-health analysis paths, documents exactly what media and identifiers are uploaded, and gates account creation and token storage behind explicit consent. If testing is necessary, use an isolated environment with non-sensitive sample plant media and disposable credentials.

SkillSpector (23)

By NVIDIA

Context-Inappropriate Capability

Medium, 93% confidence
The skill instructs the agent to read local configuration files to obtain an open-id/api-key before performing analysis. Accessing local config secrets is sensitive and not inherently required for image-based flowering prediction; it can expose workspace credentials and silently repurpose them for backend API calls without clear user approval.

Description-Behavior Mismatch

Medium, 88% confidence
The skill is presented as a prediction tool, but it also supports querying and displaying cloud-hosted historical reports. While not inherently malicious, this broadens data processing and account linkage beyond the primary user expectation, increasing privacy risk and the chance of exposing prior analyses or metadata.

Intent-Code Divergence

Medium, 95% confidence
The API documentation embedded in this skill describes pet health analysis endpoints that are unrelated to the declared flowering-date prediction purpose. This mismatch indicates the skill may be mispackaged, reused from another project, or wired to an unintended backend, which can cause unauthorized data access, incorrect API invocation, and trust-boundary confusion for integrators.

Description-Behavior Mismatch

Medium, 97% confidence
The referenced API surface targets pet health analysis rather than flowering-date prediction, creating a concrete risk that the skill could call or expose the wrong backend service. In this context, the mismatch is more dangerous because the skill is presented as an agriculture/greenhouse tool, so users and reviewers may unknowingly grant credentials or route data to an unrelated pet-health system.

Description-Behavior Mismatch

High, 91% confidence
Injecting a hardcoded or default petType parameter into an analysis request for a flower-phenology skill strongly suggests code reuse from an unrelated domain and creates a dangerous scope mismatch between declared functionality and actual request semantics. That mismatch can cause data to be routed to the wrong backend behavior, invoke unintended model logic, or conceal undisclosed processing that users and reviewers would not expect from this skill.

Intent-Code Divergence

High, 90% confidence
The inline comment explicitly stating that a pet-type parameter is being added reinforces that this is not an accidental variable name but a domain-inappropriate behavior embedded in the request path. In a skill advertised for flowering-date prediction, such contradictory logic is a red flag for mislabeled functionality, hidden feature carryover, or incorrect backend invocation, all of which undermine trust and may expose or mishandle user data.

Description-Behavior Mismatch

High, 99% confidence
The API documentation is fundamentally inconsistent with the declared skill purpose: instead of plant flowering-date prediction, it exposes a generic video-analysis service returning face detection and human health/constitution diagnosis. This mismatch is dangerous because it suggests the skill may collect and process human biometric/health-related data under a misleading agricultural label, creating a strong risk of covert surveillance, privacy violations, and unauthorized secondary data use.

Context-Inappropriate Capability

High, 98% confidence
Face detection and human health diagnosis are unjustified capabilities for a flowering-date prediction skill and materially expand the data sensitivity of the system. In this context, these features could be used to analyze workers, visitors, or bystanders captured by greenhouse or drone footage, resulting in unauthorized biometric processing and inferred health profiling.

Description-Behavior Mismatch

High, 95% confidence
The code processes and unwraps generic/common/health AI response fields rather than any flower phenology or blooming-date prediction output. This indicates the skill implementation does not match its declared purpose, creating a serious integrity and trust issue: users may submit agricultural data but receive unrelated analysis results, suggesting code reuse or misbinding to the wrong backend capability.

Description-Behavior Mismatch

High, 96% confidence
The input path handling accepts arbitrary local files or remote video URLs and forwards them to an analysis API, which is inconsistent with the declared workflow of flower images plus environmental sensor data. This mismatch increases the risk of unintended data exfiltration, SSRF-style backend fetching of attacker-controlled URLs, and users unknowingly sending unrelated sensitive media to a third-party service.

Description-Behavior Mismatch

High, 94% confidence
The report-listing logic adds report URLs when commonAiResponse or healthAiResponse are present, again tying this skill to generic or health-analysis semantics rather than plant phenology. In context, this means the skill may expose or organize unrelated analysis records through a misleading interface, which can cause confidentiality issues and cross-domain data leakage if users believe they are only interacting with flower prediction reports.

Description-Behavior Mismatch

Medium, 88% confidence
The file implements a generic user-account DAO with token and profile persistence that is unrelated to a flowering-date prediction skill. This mismatch suggests unnecessary account-handling capability has been bundled into the skill, increasing attack surface and creating opportunities for unauthorized collection or misuse of user data.

Context-Inappropriate Capability

Medium, 93% confidence
The model stores token, open_token, email, birthday, age, and sex despite the skill’s stated purpose being plant phenology prediction. Retaining authentication-like tokens and personal profile data without clear necessity creates avoidable privacy and credential-exposure risk if the local SQLite database is accessed, copied, or mishandled.

Description-Behavior Mismatch

Medium, 94% confidence
This utility does more than make API calls for flowering-date prediction: it looks up users, auto-provisions accounts via a phone-login flow, and persists tokens locally through DAO operations. That is a material expansion of scope beyond the stated agricultural purpose and creates unauthorized identity, account, and credential-handling risk if invoked without explicit user knowledge and consent.

Context-Inappropriate Capability

Medium, 86% confidence
The code contains billing and payment-skill installation guidance in a utility for a flower prediction skill, indicating hidden monetization behavior unrelated to the manifest purpose. While not a direct code-execution issue, this mismatch increases the likelihood of deceptive workflow manipulation and unexpected user actions around charging or account funding.

Missing User Warnings

Medium, 94% confidence
The skill does not clearly warn users that uploaded plant images/videos, open-id values, and report queries may be sent to a cloud API and used to retrieve remote historical records. This lack of transparency undermines informed consent and creates privacy and compliance risks, especially where images, operational schedules, or account-linked identifiers are sensitive.

Missing User Warnings

Medium, 80% confidence
The script requires an open_id value and stores it in process-wide state without any privacy notice, minimization, or explanation of how the identifier is used. In a production skill handling user-linked agricultural or operational data, collecting direct identifiers without disclosure increases privacy and compliance risk, especially if logs, downstream APIs, or shared runtime state expose the value.

Missing User Warnings

Medium, 87% confidence
The documentation instructs users to transmit videos and API keys but provides no privacy, retention, handling, or sensitive-data warnings. Because uploaded videos from fixed cameras or drones may contain people, facilities, or other sensitive operational content, the absence of disclosure and safeguards increases the risk of credential exposure, excessive data collection, and improper processing of sensitive footage.

Missing User Warnings

Medium, 92% confidence
The skill reads local file contents or accepts a user-supplied remote URL and submits that data to an analysis API without any visible consent prompt, warning, or disclosure in this code path. In this context, that is dangerous because users may provide greenhouse, drone, or other operational media that could contain sensitive location, proprietary cultivation, or incidental personal data, and the URL pathway may also cause the backend to fetch attacker-chosen resources.

Missing User Warnings

Medium, 82% confidence
The script requires an open-id/user identifier and stores it in a global constant for subsequent processing, but provides no clear notice about how that identifier will be used, transmitted, or retained. In a skill that may call remote analysis services and expose history-list functionality, collecting personal identifiers without transparent disclosure can lead to privacy violations, unnecessary data exposure, and weak accountability.

Missing User Warnings

Medium, 90% confidence
The DAO automatically executes an ALTER TABLE against sys_user during initialization, causing implicit schema modification on startup. Even though adding a column is not immediately destructive, automatic unreviewed schema changes can break deployments, corrupt assumptions, or be abused to introduce unauthorized persistence changes in environments that did not consent to migration behavior.

Missing User Warnings

Medium, 95% confidence
This request path automatically injects user identifiers and authentication material into outbound requests, including pnaUserName, X-Access-Token, X-Api-Key, Authorization, and tenant/platform metadata, without any visible disclosure or consent mechanism here. Combined with debug logging of request context, this creates privacy and credential-exposure risk well beyond what a simple flowering-date analysis skill would reasonably require.

Missing User Warnings

High, 98% confidence
The helper silently calls a remote /sys/phoneLogin endpoint with register=1, openId, mobile, and source to create or obtain a user account. Auto-registering users through a phone-login flow without an explicit user-facing disclosure or permission step is a serious privacy and consent violation and can create unwanted remote accounts tied to user identifiers.

Static analysis

Install untrusted source

Warn
Install source points to URL shortener or raw IP.

Dep not found on registry

Critical
1 package(s) referenced in dependency files do not exist on their public registries: yaml (pypi)

VirusTotal

VirusTotal findings are pending for this skill version.
