Back to skill

Security audit

Open Plantbook

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Open Plantbook API helper that uses credentials and network access for expected plant lookup and user-plant write workflows.

Install this if you want an agent to use Open Plantbook through its official API. Provide credentials only when needed, prefer OAuth credentials for write workflows, and review any create/update/delete request because it can change your Open Plantbook user-plant data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill advertises `user-invocable: true` and instructs use of environment variables, private env files, local file reads, and direct network access, but it does not declare permissions/capabilities explicitly. This creates a transparency and policy-enforcement gap: a host may expose the skill without clearly warning that it can read secrets from the environment/filesystem and send authenticated requests off-box.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.