宠物情绪识别

Security checks across malware telemetry and agentic risk

Overview

This pet photo analysis skill is mostly purpose-aligned, but it has credential and provider-routing issues that users should review before installing.

Review this skill before installing. Use a DashScope-specific key only, avoid relying on OPENAI_API_KEY, and assume any analyzed pet photo is uploaded to DashScope and embedded in the generated HTML report. Do not use the output as a substitute for veterinary advice, especially for signs of pain, fear, aggression, or illness.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (10)

Context-Inappropriate Capability

Medium

Confidence: 90% confidence
Finding: The template loads Chart.js from a public CDN at render time, which creates an external trust and availability dependency for a local report. If the CDN asset is tampered with, blocked, or replaced, the generated report can execute attacker-controlled JavaScript in the viewer's browser or fail unexpectedly.

Context-Inappropriate Capability

Medium

Confidence: 92% confidence
Finding: The skill collects credentials from multiple unrelated sources, including OPENAI_API_KEY and config files outside the narrowly needed DashScope secret. In a skill context, broad secret discovery is dangerous because it increases the chance of using or exposing credentials the user did not intend to grant to this feature.

Intent-Code Divergence

Medium

Confidence: 90% confidence
Finding: The CLI presents an --api option with 'openai' as a valid choice, but the code always sends the image and bearer token to DashScope. This mismatch can cause users to believe data will go to one provider while it is actually transmitted to another, creating a deceptive data-flow and credential-use issue.

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The trigger list includes broad, conversational phrases such as '看看我家猫', '看看我家狗', and '帮我看看宠物' that could match ordinary user requests and activate the skill unintentionally. In this skill’s context, unintended activation is more concerning because it may lead users to upload pet photos to an external AI service without clearly realizing which skill handled the request.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The README states that users upload cat or dog photos and that analysis is performed by DashScope, but it does not clearly warn that images will be transmitted to a third-party external AI service. This creates a privacy and consent risk, especially because pet photos may contain people, homes, location clues, or metadata that users do not expect to leave their local environment.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The trigger list includes broad everyday phrases like '看看我家猫', '看看我家狗', and '帮我看看宠物', which can cause the skill to activate in contexts where the user did not clearly intend photo analysis. Because the skill may then request or process an image and send it to an external API, overbroad triggering increases the risk of unintended data handling.

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The trigger scenarios say that if a user shares a pet photo or wants to understand a pet’s state, the skill should activate, but they do not require clear consent for remote analysis. This ambiguity can lead to accidental invocation and external transmission of user-provided images without sufficiently explicit user intent.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill description explains image-based emotion recognition but does not clearly warn that pet photos are transmitted to DashScope, an external third-party API. Users may reasonably assume local analysis and therefore provide images without informed consent about data sharing.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: This guidance encourages users to interpret pet emotions from photos and only briefly notes that AI has limitations, but it does not clearly state that the content is general information and must not replace veterinary or professional behavioral assessment. In a pet-health and behavior context, users may rely on the output to dismiss pain, fear, aggression, or distress, which can delay needed care or create unsafe handling situations for people and animals.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The script uploads the supplied pet image to a third-party API without an explicit consent or privacy warning at the point of use. Even seemingly harmless pet photos may contain people, homes, location clues, or metadata, so silent external transmission creates a real privacy risk in this skill context.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal