ClawHub

Plant Care Expert

Security checks across malware telemetry and agentic risk

Overview

This is a plant-care advice skill with no executable code or unusual system access, but users should be careful with broad activation and chemical treatment advice.

Installers should expect this skill to handle plant photos and plant-care questions. Treat chemical pest or disease advice as incomplete unless it says to follow product labels, use ventilation and protective gear, keep chemicals away from children, pets, and food areas, and check local rules or expert guidance for severe infestations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger conditions are broad enough that the skill may activate on routine plant-related conversation, causing unintended invocation and over-collection of user context or interruption of other workflows. In this skill’s context, the impact is limited because the domain is low-risk plant care and the README does not instruct privileged actions, but ambiguous triggering still degrades safe routing and predictability.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger set includes short, generic phrases such as “怎么养” and “好养吗”, which are common in everyday conversation and can cause unintended invocation outside the plant-care context. This can lead to incorrect routing of user requests, privacy exposure of unrelated user inputs to the skill, and degraded assistant reliability.

Vague Triggers

Medium
Confidence
96% confidence
Finding
The trigger “养花” is extremely broad and semantically ambiguous, making accidental activation likely in casual discussions, metaphors, or general lifestyle chatter. Broad activation increases the chance that unrelated conversations are intercepted by this skill and handled inappropriately.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The guide recommends specific pesticides, fungicides, and chemical treatments such as 吡虫啉、啶虫脒、阿维菌素、马拉硫磷、多菌灵、百菌清、硫磺粉 without any safety caveats. In a consumer plant-care skill, users may directly apply these chemicals indoors or around children, pets, food areas, or without protective equipment, creating avoidable exposure and poisoning risks.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal