Turtle Pneumonia Symptom (Open-Mouth Breathing) Detection | 龟类张嘴呼吸（肺炎征兆）识别

Security checks across malware telemetry and agentic risk

Overview

The skill has a coherent turtle video-analysis purpose, but it should be reviewed because it ties videos and report history to personal identifiers, silently creates/uses remote accounts, and stores access tokens locally.

Install only if you are comfortable sending turtle enclosure videos or video URLs to the LifeEmergence/SMYX cloud service and linking them to an identifier. Prefer a dedicated pseudonymous open-id rather than a phone number, avoid placing real credentials in shared config files, and treat the local workspace database as sensitive because it may contain reusable tokens and account data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Behavioral ASTexec() Call, eval() Call, Dynamic Import
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection

Findings (26)

Dynamic attribute access via getattr()

Low

Category: Dangerous Code Execution
Content: if filters: for key, value in filters.items(): query = query.filter(getattr(self.__model__, key) == value) if offset: query = query.offset(offset)
Confidence: 80% confidence
Finding: query = query.filter(getattr(self.__model__, key) == value)

Dynamic attribute access via getattr()

Low

Category: Dangerous Code Execution
Content: if filters: for key, value in filters.items(): query = query.filter(getattr(self.__model__, key) == value) return query.scalar() finally:
Confidence: 79% confidence
Finding: query = query.filter(getattr(self.__model__, key) == value)

Description-Behavior Mismatch

Medium

Confidence: 89% confidence
Finding: The manifest describes a symptom-detection skill, but the documentation expands behavior into cloud-backed historical report retrieval and report management. This is a scope expansion that introduces additional data access and disclosure risk beyond what a user would infer from the advertised purpose.

Context-Inappropriate Capability

High

Confidence: 96% confidence
Finding: The skill requires an open-id and even instructs prompting for username or phone number if unavailable, despite the core task being video-based symptom analysis. Collecting personal identifiers for this purpose is excessive and creates unnecessary privacy and account-linkage risk, especially when used to query cloud history.

Context-Inappropriate Capability

High

Confidence: 97% confidence
Finding: The skill instructs reading api-key/open-id values from local configuration files under the workspace before asking the user. Accessing local credentials or identifiers from unrelated config locations is an unjustified secret/identifier retrieval pattern for a veterinary video-analysis skill and can expose sensitive tokens without informed user action.

Intent-Code Divergence

High

Confidence: 98% confidence
Finding: The documented API endpoint and response schema describe a generic human face/constitution diagnosis service, which is fundamentally inconsistent with a skill that claims to analyze turtle respiratory symptoms. This mismatch is dangerous because it strongly suggests the skill may send animal video data to an unrelated third-party model or service, causing unintended data disclosure and materially different behavior than users expect.

Description-Behavior Mismatch

High

Confidence: 97% confidence
Finding: The documented behavior is much broader than the declared skill scope, covering generic health and face analysis rather than narrow turtle pneumonia symptom detection. Scope mismatch is a security issue because it can hide over-collection, silent repurposing of uploaded media, or use of a backend with capabilities unrelated to the user's consent and the skill's stated function.

Description-Behavior Mismatch

Medium

Confidence: 94% confidence
Finding: The skill accepts any http/https URL as input and forwards it for analysis, even though the declared purpose is analysis from fixed enclosure cameras. This expands the trust boundary, enables analysis of arbitrary remote content, and can be abused for unintended data processing or backend fetching of attacker-controlled resources.

Description-Behavior Mismatch

Medium

Confidence: 89% confidence
Finding: The skill exposes a report-listing function that is unrelated to the stated symptom-detection action, creating an additional data access surface. If invoked by an unintended caller, it could reveal prior analysis metadata or report links beyond the minimal functionality users expect from this skill.

Description-Behavior Mismatch

Medium

Confidence: 93% confidence
Finding: The skill manifest describes only turtle symptom detection, but the code also exposes a per-user history listing function via `show_analyze_list(open_id)`. This is a scope expansion involving user-linked data access that is not disclosed by the stated purpose, creating a privacy and unauthorized-data-access risk if callers can enumerate or query another user's history.

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: The CLI requires a broad `open-id` that may be an OpenID, user ID, username, or phone number, even though the stated function is video symptom detection. Collecting an unnecessary persistent identifier increases privacy exposure, enables correlation of analyses to real users, and broadens harm if logs, output, or backend storage are compromised.

Context-Inappropriate Capability

Medium

Confidence: 89% confidence
Finding: This file exposes generic add, edit, delete, and arbitrary HTTP verb wrappers that are not narrowly scoped to turtle symptom video analysis. In a skill whose stated purpose is passive medical-style detection from enclosure cameras, these capabilities materially expand the attack surface by enabling remote state changes or unintended outbound interactions if other components can influence the URL or payload.

Description-Behavior Mismatch

Medium

Confidence: 91% confidence
Finding: The implementation performs broad remote-resource access and mutation operations that are not reflected in the manifest's analysis-only description. This mismatch is security-relevant because users and reviewers may assume the skill only analyzes local camera/video data, while the code can issue POST, PUT, GET, and DELETE requests and obtain download URLs, creating hidden data exfiltration or remote-action pathways.

Description-Behavior Mismatch

Medium

Confidence: 96% confidence
Finding: This file implements a generic persistence layer, mutates schema, and stores user/account records even though the skill is described as turtle pneumonia symptom detection from camera video. Such capability expansion increases the attack surface, introduces unexpected data collection/storage behavior, and creates hidden persistence unrelated to the advertised function.

Context-Inappropriate Capability

Medium

Confidence: 97% confidence
Finding: The User model stores username, email, birthday, token, and open_token, introducing account and credential persistence that is unjustified by the skill's stated purpose. Retaining tokens in a local SQLite database broadens the consequences of compromise from simple misbehavior to account takeover or unauthorized API use.

Context-Inappropriate Capability

High

Confidence: 96% confidence
Finding: The utility silently provisions remote user accounts, retrieves tokens, and persists them locally, which is unrelated to turtle pneumonia symptom detection. That creates an undisclosed identity/credential management capability that could be abused for account creation, impersonation, or unauthorized API access, and the mismatch with the skill's declared purpose makes it more suspicious.

Context-Inappropriate Capability

Medium

Confidence: 92% confidence
Finding: The HTTP utility contains a built-in payment/recharge handling flow that is unrelated to respiratory symptom analysis in turtles. Embedding monetization/account-balance logic in a medical-analysis skill expands the attack surface, creates confusing behavior, and suggests the code can steer users into unrelated actions not necessary for the advertised function.

Description-Behavior Mismatch

Medium

Confidence: 90% confidence
Finding: This shared helper acts as a generic API broker: it builds arbitrary URLs, injects credentials, mutates request data, retries authorization, and returns remote data. For a narrowly described turtle symptom-detection skill, such broad network and credential-handling capability is excessive and could be repurposed to access unrelated services or move user data off-platform.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The history-query trigger phrases are broad enough that normal conversation about prior reports could automatically invoke cloud retrieval. Over-broad automatic triggers increase the chance of unintended remote queries and disclosure of stored report data tied to a user identifier.

Missing User Warnings

Medium

Confidence: 86% confidence
Finding: The skill says uploaded attachments or videos are automatically saved locally but does not present a clear user-facing warning at the point of use. Silent local persistence of animal-health videos can expose sensitive household, facility, or operational information and exceeds typical expectations for transient analysis.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill instructs querying cloud history/report data using an open-id and even personal identifiers, but does not present a clear privacy warning about what data will be fetched, from where, and for whom. This creates a meaningful risk of unauthorized or unexpected access to historical report records.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The API accepts uploaded videos and public video URLs but provides no warning about privacy, retention, sharing, or handling of potentially sensitive visual and health-related data. Even though the skill targets turtles, enclosure video can still capture owners, household environments, metadata, or other sensitive content, so undisclosed transfer to an external API creates privacy and compliance risk.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The code accepts a user identifier for remote analysis and list operations but provides no privacy disclosure, consent notice, or indication of how that identifier is transmitted and stored. In a health-adjacent animal-care workflow involving video uploads and user-linked records, silent transmission of identifiers raises compliance and privacy risks and can facilitate profiling or unauthorized linkage of behavioral data.

Natural-Language Policy Violations

Low

Confidence: 84% confidence
Finding: The help text suggests a phone number can serve as the required identifier, normalizing collection of direct personal identifiers without offering a less sensitive alternative. This is a privacy design flaw: it encourages overcollection and may cause operators to submit more sensitive data than necessary for simple video analysis.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The code transmits user-linked identifiers such as openId/mobile/username to a remote service without any visible notice or consent mechanism in this file. Even if sent over HTTPS, undisclosed transmission of identifying data is a privacy and trust problem, especially because it is not necessary from the manifest that a turtle video-analysis skill should create or log in user accounts.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal