Rose Pest & Disease Detection | Common Rose Pest and Disease Identification

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This rose diagnosis skill sends media to a cloud service, but its shipped code and documentation include mismatched health/video/account features and undisclosed token persistence that users should review carefully.

Install only if you are comfortable sending rose images or URLs, an open-id such as a username or phone number, and report history requests to the publisher's cloud service. Ask the publisher to remove the unrelated health/video/pet code, fix the `yaml` dependency, document retention/deletion controls, and explain why local account/token storage is required before relying on it.

SkillSpector (37)

By NVIDIA

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
Requiring an open-id tied to a username or phone number for basic plant image analysis collects personally identifiable information that is not necessary for the core function. Coupling that identifier with cloud history lookup creates an unnecessary identity-to-data linkage that could expose past reports or enable account correlation.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The instructions tell the agent to read configuration files and repurpose an api-key as a user's open-id before performing analysis. This is a credential-handling anti-pattern that can expose secrets, confuse authentication with user identity, and lead to unauthorized access to cloud-backed report data.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The manifest presents the skill as a rose pest detector, but the instructions also include automatic local file saving and cloud-backed history management. This expands the data lifecycle beyond what a user would reasonably expect from a simple image diagnosis tool and increases privacy and retention risk.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The API documentation clearly refers to pet health analysis endpoints and scenario codes, which conflicts with the skill’s declared purpose of rose pest and disease detection. This kind of domain mismatch is dangerous because it can indicate the skill is wired to the wrong backend, causing inappropriate data handling, incorrect model execution, or disclosure of unrelated report data if invoked in production.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The documented backend behavior appears to support pet health analysis rather than rose image disease detection, suggesting a possible functional misbinding between the skill and its service layer. If the skill actually calls these endpoints, users may send plant images or metadata into an unrelated health-analysis system, leading to incorrect outputs, privacy boundary violations, or access to unrelated historical/exported reports.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
This rose pest/disease detection skill exposes generic page/list/add/edit/delete operations that go beyond the stated image-analysis purpose. In a skill expected to only submit images for analysis, extra CRUD/history endpoints expand the attack surface and may enable unauthorized record manipulation or access to retained data if other layers do not strictly enforce authorization.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The analysis request injects a petType parameter and even includes a comment stating a pet-type parameter is being added, which is inconsistent with a rose disease-detection skill. This mismatch suggests code reuse or hidden cross-domain behavior that can misroute data, produce incorrect backend behavior, or cause users to send plant images and metadata to an unintended model or service.

Intent-Code Divergence

High
Confidence
95% confidence
Finding
The inline comment explicitly says a pet-type parameter is being added, directly contradicting the advertised rose-analysis functionality. Such contradictions are a strong indicator of mismatched or repurposed code, which is dangerous because it undermines trust in where data is sent and what backend logic is actually being invoked.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The documented API endpoint and schema describe generic video analysis with face detection and health diagnosis, which is fundamentally inconsistent with a rose pest/disease image-analysis skill. This mismatch is dangerous because it suggests the skill may route user data to an unrelated service, potentially collecting human facial or health-related information under false pretenses and breaking user trust, consent, and data-minimization expectations.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
Presenting this file as the skill's API documentation while documenting contradictory request/response semantics creates a deceptive integration surface. Even if caused by documentation reuse or error, it can lead developers or agents to send the wrong content types and expose users to unintended processing, especially where the response includes sensitive face and health-analysis fields unrelated to the advertised plant-diagnosis purpose.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
This file exposes generic page/list/add/edit/delete operations for records keyed by camera/device identifiers, which goes beyond the narrowly described rose pest and disease analysis function. In a skill expected to analyze uploaded images, bundling undocumented record-management APIs expands the attack surface and may allow unauthorized enumeration or modification of camera-associated records if higher layers do not enforce strict authorization.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The add/edit/delete methods operate on camera-oriented records despite the skill being presented as a plant disease detection capability. This mismatch is security-relevant because hidden or unjustified management features can be abused by callers, plugins, or prompt-driven agents to alter infrastructure state unrelated to the advertised user task, increasing the chance of privilege overreach and unintended side effects.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The skill accepts local files and remote URLs as video inputs despite the manifest describing image-based rose pest/disease detection. This capability mismatch can cause users to provide broader media than expected, increasing privacy exposure and indicating the implementation may be repurposed from another domain rather than constrained to the declared use case.

Description-Behavior Mismatch

Low
Confidence
79% confidence
Finding
The skill includes report-listing and report-export URL generation features that go beyond one-off rose pest/disease analysis. Even if not directly exploitable here, exposing historical report access expands data surface area and can leak prior analysis metadata or links if authorization is weak elsewhere.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
Comments and output handling reference health/constitution assessment and face-analysis concepts that are unrelated to rose disease detection. This strongly suggests code reuse from a human health/face-analysis skill, creating a serious risk that the wrong backend data domain is being processed or exposed to users.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The code explicitly extracts and prioritizes commonAiResponse and healthAiResponse structures instead of a rose pest/disease schema. In context, this is dangerous because the skill is marketed for plant diagnostics but may display unrelated health-analysis results, causing sensitive data exposure, misrouting of user inputs, or deceptive functionality.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The implementation materially diverges from the manifest: it operates as a generic video-analysis CLI and forwards arbitrary input to a backend analysis function, while the skill is advertised as rose pest/disease image detection. This scope mismatch is dangerous because users and reviewers may grant the skill permissions or trust assumptions appropriate for simple local image diagnosis, while the code actually supports broader media processing behavior and hidden backend capabilities.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The CLI accepts remote URLs for analysis, which expands the attack surface beyond the declared camera/mobile image workflow. Remote URL ingestion can enable unexpected backend fetching behavior, including access to internal resources or untrusted content, especially if the downstream service retrieves the URL server-side.

Description-Behavior Mismatch

Medium
Confidence
86% confidence
Finding
The history-listing capability is outside the stated diagnostic scope and may expose prior analysis records tied to user identifiers. Undocumented access to historical data increases privacy risk and can enable unauthorized enumeration or disclosure if backend authorization is weak.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The code and CLI text repeatedly describe video analysis, directly contradicting the manifest's rose image pest/disease detection claims. This deception-by-implementation increases risk because operators may review, approve, and deploy the skill under a narrower trust model than the code actually uses, masking data handling and capability expansion.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The file implements a user-account DAO with persistent storage for usernames, email addresses, birthdays, tokens, and account state, which is materially unrelated to a rose pest/disease image-analysis skill. This capability mismatch is dangerous because it creates hidden data-collection and account-management functionality that expands attack surface and could facilitate unauthorized retention or misuse of user data.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The code creates a local SQLite database, alters schema, and exposes broad CRUD operations even though the skill description only claims image-based diagnosis and treatment suggestions. In this context, undisclosed persistent storage is risky because users would not reasonably expect local data retention or mutation capabilities from a plant-disease detection tool.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The User model includes sensitive account-oriented fields such as token, open_token, email, birthday, and username, none of which are justified by a rose pest/disease detector. This is dangerous because it enables collection and storage of authentication or personal data under a misleading skill description, increasing privacy and credential-exposure risk.

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
The DAO derives database placement from the OPENCLAW_WORKSPACE environment variable and writes into a workspace data directory, behavior not justified by the stated image-analysis purpose. In context, this is concerning because it quietly couples the skill to host environment information and persistent filesystem state, which broadens system interaction beyond user expectations.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
This utility performs account creation/login, retrieves tokens, and persists them locally in shared code that is unrelated to rose pest/disease image analysis. In this skill context, silently authenticating users and storing credentials expands scope far beyond the advertised function and creates risk of unauthorized account actions, credential misuse, and cross-skill data exposure.

Static analysis

Install untrusted source

Warn
Finding
Install source points to URL shortener or raw IP.

Dep not found on registry

Critical
Finding
1 package(s) referenced in dependency files do not exist on their public registries: yaml (pypi)

VirusTotal

VirusTotal findings are pending for this skill version.
