Grow Food Anywhere

Security checks across malware telemetry and agentic risk

Overview

This is a gardening advice skill that uses local files and calendar reminders in ways that fit its stated purpose.

Before installing, be aware that the skill may save a gardening plan in your Documents folder and may set gardening reminders. Ask the agent to show the plan inline first or confirm the exact file path before writing if you prefer tighter control.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 82% confidence
Finding: The skill tells the agent to write a personalized file in the user's home documents directory without requiring explicit disclosure or consent at the time of the action. Silent filesystem writes can surprise users, create unwanted local data persistence, and normalize hidden state changes that become more dangerous in skills handling more sensitive content.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal