Leaf Curling & Margin Scorch Diagnosis | 植物卷叶/焦边识别(干旱/病害)

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill appears to perform remote media analysis, but it also has under-disclosed identity, token storage, and mismatched generic health/video-analysis components that need review before installation.

Review this skill carefully before installing. Expect uploaded plant images/videos, remote URLs, and user identifiers such as open-id, username, or phone number to be sent to external lifeemergence services, with cloud history reports queried by that identity. Ask the publisher to replace the nonexistent yaml dependency, document privacy/retention and backend ownership, remove or secure plaintext token persistence, and align the generic health/video code and API docs with the plant-diagnosis purpose.

SkillSpector (31)

By NVIDIA

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
            if filters:
                for key, value in filters.items():
                    query = query.filter(getattr(self.__model__, key) == value)

            if offset:
                query = query.offset(offset)
Confidence
87% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
            if filters:
                for key, value in filters.items():
                    query = query.filter(getattr(self.__model__, key) == value)

            return query.scalar()
        finally:
Confidence
87% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The skill expands from diagnosis into a cloud-backed report retrieval/listing service, but that secondary function is not clearly disclosed in the primary description. Hidden scope expansion increases the chance that users unknowingly trigger remote data access and reporting workflows beyond the expected image-analysis task.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The workflow requires obtaining an open-id from config files or prompting for a username/phone number, but this identity requirement is not disclosed in the diagnosis-focused manifest. Collecting personal identifiers under an undisclosed pretext can violate data-minimization expectations and expose users to privacy risk if the backend or local environment is compromised.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
Requesting a username or phone number as open-id introduces unnecessary personal-data collection for a plant-leaf diagnosis function. If mishandled, this enables identity correlation with uploaded images, history records, and report URLs, expanding the privacy impact well beyond the stated agricultural use case.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The skill exposes generic CRUD-style operations (page/list/add/edit/delete) that are not described in the manifest, which expands capability beyond plant diagnosis into record management. This creates hidden attack surface and increases the risk of unauthorized data manipulation or abuse if these methods are reachable by the agent or connected systems.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The analysis request injects a petType parameter into a plant-leaf diagnosis workflow, which is inconsistent with the declared skill purpose and suggests hidden functionality or reused logic from another domain. In a security review, unexplained out-of-scope parameters are dangerous because they may alter backend routing, trigger unintended model behavior, or leak/poison data processing in ways not disclosed to users.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The documented API is fundamentally inconsistent with the stated agricultural leaf-diagnosis skill: it accepts generic video input and returns face detection and human health/TCM diagnosis fields. This mismatch strongly suggests the skill may route user data to an unrelated service, causing incorrect operation, deceptive behavior, and possible collection/processing of human imagery unrelated to the agricultural purpose.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The request and response semantics contradict the advertised skill intent, indicating either a swapped/copied integration or a deceptive wrapper around a different backend. In security terms, this is dangerous because operators may unknowingly send field or camera footage to an unrelated analysis endpoint and receive meaningless results, undermining trust, safety decisions, and data governance.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The implementation accepts arbitrary local files or remote URLs and forwards them to a generic analysis backend, but it does not enforce that the content is specifically plant-leaf imagery or that the returned analysis is agricultural. This creates a clear skill/implementation mismatch: users may believe they are invoking a leaf-curling diagnosis skill while actually sending broader data to a generic service, increasing the risk of unintended data exposure and misleading or unsafe diagnoses.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The code handling report summaries refers to health/body-constitution and face-analysis concepts, which contradicts the agricultural diagnosis metadata. This strongly suggests code reuse from an unrelated medical or biometric skill, raising the risk that the wrong backend, schema, or report interpretation is being used and that users receive incorrect agricultural guidance from unrelated health-analysis outputs.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The implementation materially diverges from the declared agricultural leaf-diagnosis purpose and instead behaves as a generic video-analysis wrapper. This is dangerous because users and platform reviewers may grant permissions, trust, or deploy the skill under false assumptions, while the code can process unrelated media and invoke opaque downstream behavior not justified by the manifest.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The code introduces account/history-oriented behavior via --open-id and list retrieval that is not described in the skill manifest. Hidden user-identifier handling and history access increase the risk of unauthorized data exposure, cross-user data access, or privacy misuse because operators may not expect the skill to collect identifiers or enumerate prior analyses.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The CLI help text and function descriptions consistently present this as a video-analysis tool, contradicting the agricultural leaf-image diagnosis description. Such mismatch is dangerous because it signals repurposed or mislabeled code, making security review, consent, and operational controls unreliable and increasing the chance that the skill is used outside its approved scope.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
This file exposes broad generic CRUD and raw HTTP helper methods that accept caller-supplied URLs and arbitrary arguments, which exceeds the skill's stated agricultural diagnosis purpose. In an agent environment, such generic network primitives can be repurposed to contact unintended internal or external services, expanding the attack surface and enabling misuse such as SSRF, data exfiltration, or unauthorized API access.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The http_post/http_put/http_get/http_delete methods forward caller-controlled URLs directly to the request utility with no visible validation or restriction. If an attacker can influence the URL, the skill could be abused as an arbitrary HTTP client to reach internal metadata services, probe internal networks, or send sensitive data to attacker-controlled endpoints, which is not justified by the declared leaf-diagnosis functionality.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The file defines a reusable DAO plus a sys_user model and UserDao handling account-like records, which is not justified by the stated agricultural leaf-diagnosis purpose. In a mismatched skill context, unexplained user-account storage increases the risk of hidden data collection, broader persistence than necessary, and repurposing of the skill for unrelated user tracking.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The User model stores personal profile fields and authentication-like secrets such as token and open_token without any visible purpose tied to plant diagnosis. Storing these values in a local SQLite database, apparently in plaintext and without access-control logic, creates credential theft and privacy risks if the host or database file is accessed.

Intent-Code Divergence

Medium
Confidence
75% confidence
Finding
The module docstring describes a lightweight local CRUD wrapper, but the code also performs a hardcoded ALTER TABLE against sys_user during initialization. This discrepancy is risky because concealed schema mutation can surprise deployers, alter persistent data structures without review, and mask broader user-data handling than the documentation suggests.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
This utility code goes far beyond a leaf-diagnosis skill by performing user login/registration, retrieving tokens, and persisting credentials locally. That expands the trust boundary from image/sensor analysis into account management, creating unnecessary credential-handling and identity risks that are not justified by the stated agricultural purpose.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
Injecting recharge/payment workflow messaging into a crop diagnosis utility is out of scope and can manipulate users into installing another skill or entering a payment flow unrelated to diagnosis. Even if intended for billing recovery, it creates a phishing-like trust issue because operational failure is converted into a monetization prompt inside low-level request handling.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The helper can create or log in platform users from a supplied username/mobile number with silent/register flags, which is a powerful identity capability unrelated to leaf scorch diagnosis. If abused, it could enable unauthorized account creation, impersonation, or backend user enumeration using user-provided identifiers.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The code loads, stores, mutates, and clears authentication tokens in local data storage, increasing the chance of token theft, misuse across users, or stale credential reuse. For a plant-diagnosis skill, this persistence is not obviously necessary and broadens the blast radius if the environment or local database is compromised.

Vague Triggers

Medium
Confidence
84% confidence
Finding
A broad default trigger on any plant leaf image or video can cause the skill to activate unexpectedly, sending media into its analysis and cloud workflow without sufficiently specific user intent. Over-broad invocation is particularly risky here because the skill also performs file saving and remote API interactions.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation does not clearly warn users that uploaded media and identifiers are sent to a remote API and that historical reports are fetched from the cloud. This omission breaks informed consent and can expose sensitive farm imagery, metadata, and personal identifiers to third-party services without transparent notice.

Static analysis

Install untrusted source

Warn
Finding
Install source points to URL shortener or raw IP.

Dep not found on registry

Critical
Finding
1 package(s) referenced in dependency files do not exist on their public registries: yaml (pypi)

VirusTotal

VirusTotal findings are pending for this skill version.
