Plant Doctor

Security checks across malware telemetry and agentic risk

Overview

Plant Doctor is a coherent plant-care skill that stores plant schedules locally, with optional cloud dashboard guidance users should treat separately.

Install this only if you want your agent to maintain persistent plant records in plants/. Review or delete that directory and any memory entries when you no longer want tracking. Treat the optional dashboard as cloud storage: enable authentication and RLS, keep Supabase credentials in environment variables, and avoid uploading private home photos unless storage is locked down.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Intent-Code Divergence (Low, 88% confidence)

The README makes a strong security assurance ('never phones home') while simultaneously instructing users to paste a separate setup prompt that will 'automatically configure' the workspace, without showing or substantiating what that prompt does. This creates a trust gap: users are encouraged to rely on a privacy claim before reviewing the actual setup behavior, which could conceal file modifications or broader side effects.

Intent-Code Divergence (Medium, 95% confidence)

The document makes strong security assurances such as 'audited and verified' and 'local-first security' while also describing an optional dashboard that connects to external services and uses credentials. This creates a misleading trust signal that can cause users to underestimate privacy and data-exposure risks when enabling the dashboard component.

Intent-Code Divergence (High, 99% confidence)

The file guarantees 'No External Data Transmission' but later discusses using a remote database service for the optional dashboard, including storing plant photos and schedules. Even if framed as optional, this contradiction can mislead users into exposing sensitive images or metadata to third-party infrastructure under the false belief that the package never sends data off-device.

Missing User Warnings (Medium, 93% confidence)

The README states that pasting the setup prompt will automatically configure the workspace and create local state files, but it does not warn users that files will be created or modified. In an agent setting, undisclosed workspace changes are risky because users may grant broad trust to setup instructions that alter project state, overwrite files, or introduce persistence without informed consent.

Missing User Warnings (Low, 89% confidence)

The skill instructs the agent to create directories and files in the user's workspace and change permissions without any explicit warning, confirmation step, or explanation that setup will modify local state. While the requested changes are limited and appear related to the skill's function, silent filesystem modification is still a security-relevant behavior because users may not expect an installation prompt to write to disk automatically.

Missing User Warnings (Medium, 95% confidence)

The prompt directs integration of plant data with 'Supercharged Memory' if installed, but provides no consent flow, retention notice, or explanation of what data will be stored across sessions. Persisting user data to memory can create privacy and security risks because personal information, photos, household details, or sensitive notes about the user's environment may be retained or reused beyond the immediate interaction.

Missing User Warnings (Medium, 91% confidence)

The skill instructs the agent to update persistent memory files when a user mentions watering, but it does not require explicit user consent or clearly disclose that plant data will be stored and modified. This can lead to silent retention of personal household information such as plant ownership, routines, room locations, and timestamps, creating a privacy and integrity risk if users did not intend persistence.

Missing User Warnings (Medium, 88% confidence)

The seasonal adjustment rule authorizes bulk recalculation and modification of all stored plant records without an explicit confirmation step or warning that existing data will be changed. Automatic mass updates increase the risk of unintended data corruption, stale assumptions, or surprise modifications to a user's persistent records.

VirusTotal

65/65 vendors flagged this skill as clean.