Transpiration Rate Estimation | Indoor Plant Transpiration Rate Estimation

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This plant-analysis skill has real scope and privacy concerns because it uploads media to cloud APIs while also including unrelated human/pet health analysis artifacts and hidden account/token persistence.

Install only after the publisher explains exactly what media and identifiers are uploaded, why a plant skill contains human/pet health analysis artifacts, how account creation and token storage work, where local data is stored, and how records can be deleted. Avoid providing personal phone numbers, API keys, or images/videos that may include people until those issues are resolved.

SkillSpector (32)

By NVIDIA

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
if filters:
    for key, value in filters.items():
        query = query.filter(getattr(self.__model__, key) == value)

if offset:
    query = query.offset(offset)
Confidence
81% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
    if filters:
        for key, value in filters.items():
            query = query.filter(getattr(self.__model__, key) == value)

    return query.scalar()
finally:
Confidence
81% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Description-Behavior Mismatch

Medium
Confidence
85% confidence
Finding
The skill quietly expands from image analysis into cloud-linked historical report retrieval and persistence tied to a user open-id. That broadens data collection and tracking beyond what a user would reasonably expect from a local plant transpiration estimator, increasing privacy and abuse risk.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The skill instructs reading configuration files to obtain an api-key/open-id and reuse that value for cloud operations. Treating locally stored secrets or API credentials as user identifiers is risky because it can lead to credential misuse, unintended account linkage, and exfiltration of sensitive workspace configuration data.

Context-Inappropriate Capability

Medium
Confidence
83% confidence
Finding
The skill depends on remote URL handling and cloud API calls for both analysis and report listing, which exceeds the apparent expectation of simple image-based estimation. This introduces data exfiltration and trust-boundary risks because uploaded media and identifiers may be sent to external services without prominent disclosure or tight scope control.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The file documents pet health analysis APIs inside a skill advertised for plant transpiration estimation, which indicates a strong scope mismatch and possible cross-domain code or document reuse. This can cause the agent or integrators to invoke the wrong backend, expose unrelated animal-health data flows, and bypass expected review boundaries because the documented endpoints do not match the declared skill purpose.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The referenced API documentation is materially inconsistent with the declared skill purpose: it documents generic video upload/URL analysis returning face detection and human health-diagnosis style outputs rather than plant transpiration metrics. This mismatch is dangerous because it suggests the skill may route user data to an unrelated service, enabling undisclosed collection or processing of human biometric and health-related data under the guise of plant analysis.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
Documenting face detection, constitution analysis, organ condition, and health warnings in a plant-analysis skill is unjustified and indicates hidden or repurposed human-analysis functionality. In this context, that is especially dangerous because users may provide camera feeds intended for plants, but those feeds can still contain people, leading to covert biometric/health inference without informed consent.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The overall document intent contradicts the skill's declared plant-transpiration purpose by describing human health-diagnosis behavior. Such contradictory documentation is a security and trust problem because it obscures actual processing, prevents informed user consent, and can conceal data flows to unrelated services handling sensitive personal data.

Description-Behavior Mismatch

High
Confidence
93% confidence
Finding
The implementation accepts arbitrary local file paths or remote URLs labeled as video input and uploads the content to a backend service, which is materially inconsistent with the stated plant transpiration skill scope. This kind of scope drift is dangerous because it enables collection and exfiltration of broader user data than advertised, increasing privacy and misuse risk if a user supplies sensitive local media or attacker-controlled URLs.

Intent-Code Divergence

High
Confidence
91% confidence
Finding
The historical report rendering path reads and displays human health and face-analysis fields in a plant-analysis skill, indicating likely code reuse across unrelated domains and possible access to unrelated backend data schemas. In context, this raises a real risk of cross-domain data exposure, where plant-skill users could retrieve or render sensitive human-analysis records or metadata not intended for this skill.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
This file exposes generic HTTP and CRUD-style wrappers (`add`, `edit`, `delete`, `http_post`, `http_put`, `http_get`, `http_delete`) that can be used to interact with arbitrary remote endpoints, which is broader than the skill's stated purpose of plant transpiration analysis. In an agent-skill context, unnecessary network primitives increase attack surface by enabling unintended data exfiltration, remote state changes, or capability reuse by other components.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The presence of remote modification helpers (`add`, `edit`, `delete`, plus POST/PUT wrappers) gives this ostensibly analysis-focused skill the ability to alter remote resources, which is not justified by the described functionality. If the skill or a dependent component is influenced by untrusted input, these methods could be abused to perform unauthorized actions against backend services or external systems.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
This shared configuration code reads platform/user identity values from environment variables and stores them in globally accessible class attributes, even though that behavior is unrelated to a plant transpiration estimation feature. In a multi-skill or hosted agent environment, this creates unnecessary access to identity metadata and increases the chance of unintended collection, cross-context data use, or leakage through logs or downstream requests.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The file defines persistent user/account storage fields including username, email, birthday, tokens, and open_token, which are unrelated to the manifest's plant transpiration analysis function. Storing account and token data broadens the data-collection surface and creates privacy and credential-handling risk if the skill or host agent did not clearly disclose or justify this behavior. In this context, the mismatch between advertised plant analytics and generic user persistence makes the issue more concerning.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The DAO constructor creates a local SQLite database and initializes schema automatically, which exceeds the skill's described analytical behavior of estimating plant transpiration from images and ambient data. Undisclosed local persistence can surprise users, retain sensitive information longer than expected, and create additional attack surface through stored state. Because persistence is not clearly tied to the stated function, the context makes this more dangerous rather than less.

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
The file introduces a generic `ai_chat` capability in a shared skill module that is not tied to the stated transpiration-estimation purpose. Even though the subprocess call is currently stubbed out, retaining a general agent-invocation interface expands the attack surface and can later enable prompt-driven external actions or data exfiltration if wired up without strict controls.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
This shared utility performs platform account lookup, implicit user registration, token acquisition, and local persistence of user authentication material inside a generic HTTP helper. Those capabilities are unrelated to plant transpiration estimation and materially expand the skill's privilege boundary: a caller can trigger account provisioning and token lifecycle changes simply by making routine API calls. In the context of a plant-analysis skill, this hidden identity-management behavior is especially risky because users would not reasonably expect it.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The HTTP helper injects unrelated payment and skill-installation instructions when it sees a 402 condition, creating undeclared behavior outside the skill's stated plant-analysis function. While not a direct code-execution flaw, it is a deceptive capability boundary issue that can steer users into other workflows and monetization paths they did not request. In a narrowly scoped plant-analysis skill, this mismatch increases trust and abuse concerns.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The helper can create or register platform users from a username/phone value using a silent registration flow, which is a powerful identity-management capability with clear abuse potential. If misused, it could create accounts without meaningful verification or user awareness and be leveraged for unauthorized access paths, spam account creation, or privacy violations. That behavior is not justified by indoor plant transpiration estimation.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The code retrieves, mutates, and persists platform authentication tokens for users in local storage via DAO operations, embedding credential management into a broad utility path. This increases the blast radius of compromise: token theft, replay, accidental disclosure, and unauthorized cross-user actions become more likely. For a plant-health estimation skill, retaining and rotating user auth tokens is over-privileged and difficult to justify.

Vague Triggers

Medium
Confidence
77% confidence
Finding
The trigger phrases for historical report retrieval are broad enough to activate report-query behavior in contexts that may not clearly indicate user intent. That can cause unintended access to cloud-linked history or disclosure of prior records when the user only asked a general question.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill says uploaded attachments are automatically saved locally, but it does not clearly warn users about local persistence, retention, or storage location. Silent file saving creates privacy and security exposure, especially for images or videos that may contain metadata or unintended sensitive content.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill requires sending user identifiers and media to a cloud/API service but does not provide an explicit privacy notice, consent mechanism, or retention explanation. This is dangerous because plant images, videos, and account-linked identifiers can be correlated, stored, and reused in ways users would not expect from the stated skill description.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The API accepts uploaded videos or public video URLs for analysis, and the surrounding documentation indicates possible face and health-related processing, yet it provides no privacy warning, consent requirement, retention notice, or handling constraints for sensitive biometric/health data. In a camera-based skill, this omission increases the risk of users transmitting personal data they do not realize will be processed or stored.

Static analysis

Install untrusted source

Warn
Finding
Install source points to URL shortener or raw IP.

Dep not found on registry

Critical
Finding
1 package(s) referenced in dependency files do not exist on their public registries: yaml (pypi)

VirusTotal

VirusTotal findings are pending for this skill version.
