Seed Germination Rate Prediction Analysis | 种子发芽率早期预测

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill claims to analyze seed germination, but its code and bundled docs include unrelated health/face analysis, account registration, token persistence, history retrieval, and administrative API methods.

Review this carefully before installing. Only use it if you trust the publisher and are comfortable sending seed tray media, open-id/username/mobile identifiers, and report-history requests to the LifeEmergence/SMYX cloud services. Do not install it in sensitive workspaces until the publisher removes the unrelated health/face logic, disables account auto-registration/token persistence unless explicitly consented to, and fixes the unresolved dependency.

SkillSpector (19)

By NVIDIA

Lp3

Medium

Category: MCP Least Privilege
Confidence: 91% confidence
Finding: The skill advertises analysis behavior but declares no permissions despite instructing use of shell execution, filesystem reads/writes, environment-based path resolution, and network/API access. This undermines informed consent and review, and can enable unexpected data access or command execution beyond what users and platforms would reasonably expect from the manifest.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 97% confidence
Finding: The documented purpose is seed-germination analysis, but the skill also performs account/token handling, cloud history retrieval, local token persistence, and exposes unrelated parameters such as pet-type. This kind of hidden or mismatched behavior is dangerous because it can collect credentials and user data or access backend records outside the user's expected task, increasing the chance of privacy abuse, unauthorized access, and supply-chain deception.

Context-Inappropriate Capability

Medium

Confidence: 92% confidence
Finding: Requiring an open-id/API key and mandating cloud-based history retrieval goes beyond simple local visual analysis and expands the scope to identity linkage and backend data access. That creates privacy and account-association risks, especially if identifiers are reused across services, mishandled, or collected without clear necessity, retention limits, and consent.

Description-Behavior Mismatch

Medium

Confidence: 90% confidence
Finding: The skill instructs automatic local file saving and mandatory cloud history/report operations that are not reflected in the top-level description. Hidden persistence and backend interactions are risky because uploaded media and derived report metadata may be stored or transmitted without the user's clear understanding, broadening exposure in the event of misuse or compromise.

Intent-Code Divergence

High

Confidence: 98% confidence
Finding: The documented response schema is for face detection and health/constitution diagnosis, which is unrelated to the advertised seed germination analysis skill. This indicates either endpoint misbinding or deceptive/inaccurate integration guidance, creating a serious risk that users upload tray imagery or videos to a service that performs unrelated biometric/health analysis or that the skill consumes the wrong API entirely.

Intent-Code Divergence

Medium

Confidence: 90% confidence
Finding: The API is documented as a generic common-analysis video endpoint with only video/video_url and detail_level parameters, without any seedling-specific inputs, constraints, or outputs. In the context of a specialized agricultural analysis skill, this mismatch makes data handling opaque and increases the chance of sending user media to an unrelated multi-purpose analysis backend with broader or unexpected processing.

Description-Behavior Mismatch

Medium

Confidence: 90% confidence
Finding: This skill is described as performing germination analysis on tray imagery, but the API wrapper exposes broader state-changing and administrative operations including listing, add, edit, and delete. That expands the skill's effective privilege surface beyond the declared purpose, creating an opportunity for unauthorized inventory/configuration changes if these methods are reachable through the agent or reused elsewhere without strict authorization checks.

Context-Inappropriate Capability

High

Confidence: 96% confidence
Finding: The delete(cameraSn) method enables deletion of camera-linked resources even though the skill's stated function is image/video analysis for seed germination estimation. In this context, an unnecessary destructive capability is especially risky because camera identifiers may correspond to live greenhouse or incubator devices, allowing disruption, loss of monitoring configuration, or tampering with operational records if invoked improperly.

Description-Behavior Mismatch

Medium

Confidence: 90% confidence
Finding: The skill includes report-listing behavior that exposes historical analysis records, which goes beyond the stated seed germination analysis purpose. If this method is reachable through the agent, users may access metadata or prior reports they did not intend to retrieve, creating a privacy and data-scope violation.

Description-Behavior Mismatch

High

Confidence: 97% confidence
Finding: The legacy report-listing implementation handles unrelated health and face-analysis fields inside a seed germination skill, indicating likely code reuse from another domain. This creates a serious risk of cross-domain data exposure, where sensitive health-related records or labels could be surfaced through an agricultural skill interface.

Intent-Code Divergence

High

Confidence: 93% confidence
Finding: Comments and output strings reference health or constitution assessment rather than germination analysis, reinforcing that this code path was copied from a different, more sensitive application. In context, this makes accidental disclosure of medical-style assessments more plausible and signals a broken trust boundary between skill purpose and accessible data.

Context-Inappropriate Capability

Medium

Confidence: 87% confidence
Finding: The file for a seed germination analysis skill exposes a generic `ai_chat` capability that is unrelated to the stated purpose of counting seedlings from images or video. Even though the current implementation is stubbed, this creates unnecessary latent functionality and expands the attack surface for prompt handling, misuse, or future unsafe command execution if the commented subprocess code is restored.

Description-Behavior Mismatch

High

Confidence: 94% confidence
Finding: This utility implements a broad-purpose authenticated HTTP client, token handling, automatic user lookup/creation, tenant/platform stamping, retry logic, and payment-related behavior that materially exceeds a seed germination analysis skill's declared function. In this context, the mismatch is dangerous because the skill can interact with external platform services and user accounts in ways a user would not reasonably expect from image-based seedling counting, increasing the risk of hidden data flows, account actions, and unauthorized service use.

Context-Inappropriate Capability

High

Confidence: 98% confidence
Finding: The code can automatically log in or create platform users by sending a username/mobile/openId to /sys/phoneLogin with register and silent flags, then persist returned tokens. That is a true security and privacy issue because it performs identity-linked account operations unrelated to seedling-image analysis, potentially creating accounts or binding identifiers without informed user action.

Context-Inappropriate Capability

Medium

Confidence: 88% confidence
Finding: The code contains payment/recharge workflow messaging and behavior that is unrelated to the advertised seed germination analysis task. While likely intended as platform billing handling rather than overtly malicious logic, it expands the skill's operational scope and can steer users into financial/account actions from within an unrelated analysis workflow.

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The documentation instructs users to upload video files or provide public video URLs for remote analysis but gives no warning about privacy, retention, third-party processing, or exposure risks. Even though the intended domain is seed trays, images and videos can still contain people, home environments, location cues, or proprietary greenhouse operations, so silent transmission to an external API creates material privacy and data governance risk.

Missing User Warnings

Medium

Confidence: 81% confidence
Finding: The code reads local file contents and uploads them to a remote analysis API, but this file provides no user-visible disclosure or consent signal about that transfer. In an agent setting, users may assume local-only processing, so undisclosed transmission can create privacy and compliance issues, especially for camera images or videos from homes or greenhouses.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The DAO constructor automatically performs schema modification on every initialization by issuing an ALTER TABLE against the local database. Even though the current statement only adds a column, implicit DDL on startup can unexpectedly modify or break existing deployments, cause denial of service, and create integrity issues when run in the wrong environment or against incompatible schema versions.

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The helper transmits user identifiers and later sends authentication headers and user-linked fields such as pnaUserName to external services without any visible non-debug disclosure or consent mechanism in this code. In a seed germination skill, that hidden transmission is more concerning because users would expect local or narrowly scoped image processing, not undisclosed account-linked network activity.

Static analysis

Install untrusted source

Warn

Finding: Install source points to URL shortener or raw IP.

Dep not found on registry

Critical

Finding: 1 package(s) referenced in dependency files do not exist on their public registries: yaml (pypi)

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal