plant-doctor
v1.0.0Expert botany assistant for plant ID, health diagnosis, care advice, watering schedules, propagation, and safe indoor gardening tips.
⭐ 0· 50·0 current·0 all-time
by@nollio
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (plant identification, diagnosis, care schedules) align with the skill's instructions: image-based analysis, producing care cards, and writing local plant state under plants/. No unrelated binaries, credentials, or system-level access are requested.
Instruction Scope
The SKILL.md is specific about image-analysis, diagnosis, and updating local files under plants/. It also includes sensible prompt-injection defenses. Important privacy note: processing user photos can capture background sensitive information (people, documents, interiors); the skill explicitly warns about this. The skill may update plants/collection.json and plants/care-schedule.md automatically when the user reports watering — review that behavior if you do not want automatic writes.
Install Mechanism
No install spec and no code files — instruction-only model is low risk. Nothing is downloaded or executed by the skill itself.
Credentials
The skill requires no environment variables or credentials. The optional Dashboard Companion Kit references Supabase and environment variables for deployment — those are optional and only relevant if you choose to build the dashboard. Also optionally integrating with 'Supercharged Memory' could result in plant data being stored in a memory service; that is an opt-in behavior to review.
Persistence & Privilege
The skill does write local state under plants/ (setup instructs creation and permission-tightening). always:false (normal). The only elevated persistent surface is optional memory integration (Supercharged Memory) or building the optional dashboard which requires external DB credentials; both are opt-in. The skill does not request global/other-skills config changes.
Scan Findings in Context
[no_pattern_matches] expected: The regex-based scanner found no matches. This is expected for an instruction-only skill with no executable code files.
[codex_audit_present] expected: Repository includes CODEX-SECURITY-AUDIT.md and SECURITY.md claiming local-only behavior and no hardcoded secrets; these are informative but are authored files in the package, not an independent runtime guarantee.
Assessment
This skill appears coherent and implements what it claims: it analyzes plant photos, gives care advice, and manages local plant data under a plants/ directory. Before installing or using it: (1) Review SETUP-PROMPT.md and confirm you are comfortable with the skill creating and writing files in plants/; (2) If you do not want remote storage, do NOT enable or integrate Supercharged Memory and avoid building the optional dashboard; the dashboard requires external DB credentials and image hosting which must be configured securely if you choose to use it; (3) Be mindful that photos can contain sensitive background information (people, documents, addresses) — crop or remove those before uploading if privacy is a concern; (4) The skill can update local files when you report watering or when seasons change — ensure you trust the agent to write that data or keep backups; (5) If you decide to deploy the Dashboard, follow its security notes (authentication, RLS, private storage) and never hardcode DB keys. Overall: behavior is proportionate to purpose, but pay attention to optional integrations (memory/dashboard) that introduce external persistence.Like a lobster shell, security has layers — review code before you run it.
latestvk9739a1v5f5s4vknm92f5m6b0583yvbc
License
MIT-0
Free to use, modify, and redistribute. No attribution required.