Leaf Aging Fall Prediction | 植物叶片老化/脱落预测

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This plant-care skill needs review because it sends media to external services while also containing unrelated face/health analysis, silent account handling, token storage, and a risky dependency declaration.

Install only after confirming the publisher, the exact remote API destination, which images, videos and identity fields are uploaded, whether people captured by the indoor camera are rejected or redacted, how tokens and reports are stored and deleted, and why payment and account-creation flows are present in a plant-care skill at all. Prefer a revised version that removes the face/health analysis code, asks for explicit consent before any upload or history lookup, and replaces the unresolved "yaml" dependency with the package that actually provides that module, PyYAML.
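The checklist above (remote destination, identity fields, out-of-scope functionality) can be answered mechanically before reading the whole bundle. The following triage script is an added example for this review page, not code from the skill or from SkillSpector; the file contents in SAMPLE_BUNDLE are constructed stand-ins that mimic the patterns the findings describe, and the hostnames are hypothetical.

```python
"""Offline triage of a skill bundle: list every remote host, API route and
auth-bearing identifier, and flag vocabulary that does not belong in a
plant-care skill, so the reviewer knows what to ask before installing."""
import re
from collections import defaultdict

# Constructed sample bundle (filename -> contents). Hypothetical, for illustration only.
SAMPLE_BUNDLE = {
    "SKILL.md": "Analyse leaf aging from your indoor camera.\n"
                "Read ~/.config/app.yaml and use api-key as the user's open-id.\n",
    "api.py": "BASE = 'https://api.example-vision.test/v1'\n"
              "def login(phone): return post(BASE + '/sys/phoneLogin', phone)\n"
              "def analyze(url): return post(BASE + '/video/analyze', {'url': url})\n"
              "# result includes face_detection and constitution diagnosis\n",
    "requirements.txt": "requests\nyaml\n",
}

URL_RE = re.compile(r"https?://[\w.-]+(?::\d+)?(?:/[\w./-]*)?")
# Quoted absolute paths: API routes such as '/sys/phoneLogin' or local file paths.
PATH_RE = re.compile(r"['\"](/[A-Za-z0-9_/.-]+)['\"]")
IDENT_RE = re.compile(r"\b(api[-_]?key|api_secret_key|open[-_]?id|token|pnaUserName)\b", re.I)
# Vocabulary that has no business in a plant-care skill (drawn from the findings on this page).
OUT_OF_SCOPE = ("face", "constitution", "organ", "health", "phoneLogin", "recharge", "402")


def triage(bundle):
    """Return {'hosts': [...], 'endpoints': [...], 'identity_fields': [...], 'out_of_scope': [...]}."""
    report = defaultdict(set)
    for name, text in bundle.items():
        for m in URL_RE.finditer(text):
            report["hosts"].add(re.sub(r"^https?://", "", m.group(0)).split("/")[0])
        for m in PATH_RE.finditer(text):
            report["endpoints"].add(m.group(1))
        for m in IDENT_RE.finditer(text):
            report["identity_fields"].add(m.group(1).lower())
        lowered = text.lower()
        for word in OUT_OF_SCOPE:
            if word.lower() in lowered:
                report["out_of_scope"].add(f"{name}: {word}")
    return {k: sorted(v) for k, v in report.items()}


def questions_before_install(report):
    """Turn the triage output into the concrete questions a reviewer must get answered."""
    qs = []
    for host in report.get("hosts", []):
        qs.append(f"Who operates {host}, and what retention policy applies to uploads?")
    if any(e.lower().endswith("login") for e in report.get("endpoints", [])):
        qs.append("Why does a plant-care skill log in or register accounts?")
    if report.get("out_of_scope"):
        qs.append("Why are face, health or payment concepts present at all?")
    return qs


if __name__ == "__main__":
    rep = triage(SAMPLE_BUNDLE)
    for key, values in rep.items():
        print(key, values)
    for q in questions_before_install(rep):
        print("-", q)
```

Run it over the real bundle by replacing SAMPLE_BUNDLE with a dict built from the skill's files; hosts that are not documented in the skill's description, routes ending in login/register, and any out-of-scope hit are the points to resolve with the publisher before installation.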

SkillSpector (16)

By NVIDIA

Context-Inappropriate Capability

Severity: Medium
Confidence: 96%
Finding
The skill instructs the agent to read local configuration files and repurpose an api-key as a user's open-id, mixing service credentials with user identity data. This is dangerous because it can leak or misuse credentials from local files and creates an unjustified path to access secrets unrelated to the user's plant-analysis request.

Description-Behavior Mismatch

Severity: Medium
Confidence: 88%
Finding
The skill claims AI vision/time-series prediction functionality, but its instructions focus on invoking a remote API and listing cloud-hosted reports. This mismatch hides data flows and trust boundaries, increasing the risk that users unknowingly send plant images, metadata, or report queries to external services.

Description-Behavior Mismatch

Severity: High
Confidence: 99%
Finding
The API documentation is materially inconsistent with the stated plant leaf-aging purpose: it defines a generic video-analysis endpoint that returns face detection and human health diagnosis data. In the context of a houseplant skill using indoor cameras, this creates a strong risk of covert collection and processing of human biometric and sensitive health-related information under a misleading cover story.

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding
Documenting face detection and human constitution/organ-condition diagnosis is unjustified for a plant-care skill and indicates functionality outside the declared scope. Because the skill uses fixed indoor cameras, it could capture residents or workers incidentally, turning a benign plant-monitoring deployment into undisclosed biometric surveillance and sensitive health inference.

Description-Behavior Mismatch

Severity: High
Confidence: 98%
Finding
The implementation materially diverges from the stated plant leaf-aging skill and instead performs generic video/file analysis, report polling, export-link generation, and history listing. This mismatch is dangerous because users may submit plant imagery under the assumption of narrow-purpose processing while the code routes arbitrary local files or URLs to a broader backend, creating a trust-boundary violation and potential unauthorized data handling.

Intent-Code Divergence

Severity: High
Confidence: 96%
Finding
Comments and output logic reference health/constitution and face-analysis concepts that are unrelated to plant care, indicating code reuse from another domain and possible cross-domain API/data mixing. In a security context, this raises the risk that the skill could expose or process the wrong category of data, misleading users about what is being analyzed and increasing the chance of accidental privacy or integrity violations.

Context-Inappropriate Capability

Severity: Medium
Confidence: 83%
Finding
The script accepts arbitrary remote URLs and forwards them into the analysis path even though the declared skill only needs fixed local camera imagery. If downstream code fetches or processes attacker-controlled URLs, this expands the attack surface for SSRF, access to internal resources, or ingestion of untrusted content unrelated to the stated plant-care use case.
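The finding above describes an unvalidated URL being handed to a backend fetcher. The code below is an added example for this review page, not the skill's code: it shows the unguarded forward next to a destination check that refuses any scheme other than http(s), any embedded credentials, and any host or literal address inside loopback, private, link-local (where cloud metadata at 169.254.169.254 lives), CGNAT, multicast or reserved space. DNS resolution is injected so the example runs offline; FAKE_DNS and the *.test hostnames are constructed.

```python
"""Destination guard for the 'analyze this video URL' path."""
import ipaddress
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Address space a media fetcher must never reach, v4 and v6.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.0.0.0/24", "192.168.0.0/16", "198.18.0.0/15",
    "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10", "64:ff9b::/96",
)]

# Constructed stand-in for DNS (hypothetical hosts; 203.0.113.0/24 is a documentation range
# used here as the "public" side).
FAKE_DNS = {
    "cdn.example.test": ["203.0.113.10"],
    "internal.corp.test": ["10.0.0.5"],
    "dual.example.test": ["203.0.113.11", "127.0.0.1"],   # one public record, one loopback
}


def fake_resolve(host):
    return FAKE_DNS.get(host, [])


def is_public_address(ip):
    """True unless the address (or the IPv4 inside an IPv4-mapped IPv6) falls in a blocked range."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped                 # ::ffff:10.0.0.1 is still 10.0.0.1
    return not any(addr in net for net in BLOCKED_NETWORKS)


def check_video_url(url, resolve=fake_resolve):
    """Return (ok, reason); ok is False for anything we refuse to forward."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    if parts.username is not None or parts.password is not None:
        return False, "credentials embedded in URL"
    try:                                        # literal IP in the URL: no DNS needed
        ok = is_public_address(host)
        return ok, ("literal public IP" if ok else f"{host} is not a public address")
    except ValueError:
        pass                                    # not an IP literal, resolve the name
    addrs = resolve(host)
    if not addrs:
        return False, f"{host} does not resolve"
    bad = [a for a in addrs if not is_public_address(a)]
    if bad:                                     # any internal record rejects the whole name
        return False, f"{host} resolves to non-public {bad}"
    return True, f"{host} -> {addrs}"


def vulnerable_forward(url):
    """The behaviour the finding describes: the URL goes straight to the analysis backend."""
    return {"video_url": url}                   # no validation at all


def hardened_forward(url, resolve=fake_resolve):
    ok, reason = check_video_url(url, resolve)
    if not ok:
        raise ValueError(f"refusing to forward: {reason}")
    return {"video_url": url}


if __name__ == "__main__":
    for u in ("https://cdn.example.test/leaf.mp4",
              "http://169.254.169.254/latest/meta-data/",
              "http://internal.corp.test/admin",
              "https://dual.example.test/clip.mp4",
              "http://[::ffff:10.0.0.1]/",
              "file:///etc/passwd"):
        print(u, check_video_url(u))
```

Two caveats for production use: the stdlib's ipaddress is_global is a stricter alternative to the explicit list (it also rejects the documentation ranges used here as stand-ins), and a real fetcher must repeat this check on every redirect hop and connect to the address it validated rather than resolving the name a second time, since the resolve-then-connect gap is exactly where DNS rebinding lives.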

Context-Inappropriate Capability

Severity: Medium
Confidence: 86%
Finding
The data model stores authentication-like tokens and user profile fields even though the skill description is about leaf-aging prediction and does not justify account or token handling. Unnecessary collection and local persistence of tokens broadens the attack surface and can expose credentials if the SQLite file or logs are read by other local users, swept up in backups, or harvested by malware.
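The exposure this finding describes is easy to confirm on a deployed copy. The audit below is an added example for this review page, not the skill's code: it opens a SQLite store, flags columns named like secrets and cell values shaped like bearer tokens, and checks whether the database file is readable by other local users. The schema, rows and the JWT-shaped token string are constructed for the example and are not the skill's real schema.

```python
"""Audit a skill's SQLite store for persisted credentials and loose file permissions."""
import os
import re
import sqlite3
import stat

SECRET_COLUMN_RE = re.compile(r"(token|secret|password|api[_-]?key|session|cookie)", re.I)
JWT_RE = re.compile(r"^eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*$")   # base64url header.payload.sig
HEX_RE = re.compile(r"^[0-9a-f]{32,}$", re.I)                               # long hex API keys / session ids


def looks_like_credential(value):
    return isinstance(value, str) and bool(JWT_RE.match(value) or HEX_RE.match(value))


def audit_sqlite(conn):
    """Return [(kind, table, column)] for secret-named columns and token-shaped values."""
    findings = []
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table' AND name NOT LIKE 'sqlite_%'")]
    for table in tables:
        cols = [r[1] for r in conn.execute(f'PRAGMA table_info("{table}")')]
        for col in cols:
            if SECRET_COLUMN_RE.search(col):
                findings.append(("secret_column", table, col))
        for row in conn.execute(f'SELECT * FROM "{table}"'):
            for col, val in zip(cols, row):
                if looks_like_credential(val):
                    findings.append(("credential_value", table, col))
    return findings


def file_mode_finding(path, mode=None):
    """Flag a database readable by group or others; mode may be supplied to avoid touching the fs."""
    if mode is None:
        mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        return ("group_or_world_readable", path, oct(mode))
    return None


def build_sample_db():
    """Constructed in-memory database shaped like the users/profile store the finding describes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, pna_user_name TEXT, open_id TEXT, token TEXT, phone TEXT)")
    # Fake JWT: base64url of {"alg":"HS256"} . {"sub":"alice"} . "signature" (not a real credential).
    conn.execute("INSERT INTO users VALUES (1, 'alice', 'open-abc', ?, '+15550100')",
                 ("eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhbGljZSJ9.c2lnbmF0dXJl",))
    conn.execute("CREATE TABLE reports (id INTEGER, report_url TEXT)")
    conn.execute("INSERT INTO reports VALUES (1, 'https://api.example-vision.test/reports/1')")
    conn.commit()
    return conn


if __name__ == "__main__":
    for finding in audit_sqlite(build_sample_db()):
        print(finding)
    print(file_mode_finding("skill.db", 0o644))   # what a default umask typically leaves behind
```

Point audit_sqlite at sqlite3.connect("file:path?mode=ro", uri=True) for a real store and call file_mode_finding(path) without the mode argument to read the actual permissions. A token found here is a credential the skill chose to keep rather than discard after the request, which is the collection the finding objects to; a mode other than 0o600 makes it readable by every local account.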

Description-Behavior Mismatch

Severity: High
Confidence: 96%
Finding
The utility layer performs hidden account login/registration via /sys/phoneLogin, derives identity from API_SECRET_KEY or current username/open ID, and persists tokens locally through UserDao. That behavior is materially unrelated to a leaf-aging prediction skill and creates a silent identity, token, and account-lifecycle side channel that could expose user data or enroll users in backend services without informed consent.

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%
Finding
The code injects a recharge/payment workflow when it receives HTTP 402, instructing the user to install a payment skill and top up an account. This monetization flow is unrelated to plant analysis and can manipulate users into taking financial actions from inside a low-risk gardening skill context.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding
The default trigger activates on broadly described user uploads or topical keywords, which can cause unintended execution and automatic handling of attachments. Overbroad triggering is risky because it may process files, save data locally, or initiate remote calls when the user did not clearly request this specific skill.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The skill does not clearly warn users that uploaded plant images, videos, and report queries will be transmitted to cloud services for processing and history lookup. Lack of transparent notice and consent can expose personal or environmental imagery and associated metadata to third parties without informed approval.

Missing User Warnings

Severity: Low
Confidence: 87%
Finding
The skill states that uploaded attachments are automatically saved as local files, but does not present that as a clear user-facing warning or consent step. Automatic local persistence can create unnecessary retention of user data and broaden exposure if the workspace is shared or later accessed by other components.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The documentation instructs clients to upload videos or provide public video URLs plus an API key, but gives no privacy, retention, consent, or data-handling guidance. For an indoor-camera skill, this omission is dangerous because uploaded footage may contain people, homes, and other sensitive environmental details, increasing the chance of unauthorized collection, sharing, or misuse.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The skill reads local files into memory and forwards either file contents or a remote video URL to an external analysis API without any user-facing notice, consent flow, or destination transparency in this file. This is risky because sensitive local media or internal URLs could be exfiltrated to a backend unexpectedly, especially given the mismatch between the advertised plant-care purpose and the generic upload behavior.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The request helper automatically transmits request bodies and authentication headers, including tokens and pnaUserName, to external services and may also create accounts and attach tenant/platform metadata. In debug mode it logs request details and partial header values, increasing the chance of sensitive data exposure and making outbound data flows opaque to the user.

Static analysis

Install untrusted source

Warn
Finding
The install source points to a URL shortener or a raw IP address rather than a named publisher host, which hides the real download origin from the listing and lets the destination change after review.

Dep not found on registry

Critical
Finding
1 package referenced in the dependency files does not exist on its public registry: yaml (PyPI). The module imported as yaml is provided by the PyPI package PyYAML, so the declaration is most likely a naming mistake; it is rated critical rather than cosmetic because a name that does not resolve today is installed from whoever registers it later when the requirements file is processed.

VirusTotal

VirusTotal findings are pending for this skill version.
