Uplo Agriculture

Security checks across malware telemetry and agentic risk

Overview

This agriculture knowledge-base skill is coherent, but it needs review because it can access broad organizational records and persist conversation summaries without clear user consent or scoping controls.

Review before installing in environments with real farm, livestock, compliance, financial, or proprietary data. Use a least-privilege UPLO token, verify the external MCP package, restrict or approve full org-context exports, and require clear user or tenant consent before conversation logging.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly instructs the agent to log the conversation at session end, including a summary, topics, and tools used, but provides no user-facing notice, consent mechanism, or guidance to exclude sensitive content. In an agriculture/compliance knowledge setting, conversations may contain proprietary farm data, livestock records, operational details, or compliance-sensitive information, so silent transmission or retention of conversation-derived data creates a real privacy and data-governance risk.

VirusTotal

64/64 vendors flagged this skill as clean.
