Cutting Rooting Status Detection (Transparent Container) | 扦插枝条生根状态(透明容器)

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill claims to analyze plant rooting, but its code also handles cloud identity, account/token storage, and unrelated pet or human health analysis paths that users should review before installing.

Install only if you trust the publisher and the lifeemergence.com backend with your uploaded plant images/videos, remote URLs, open-id, username or phone number, cloud report history, and locally stored tokens. Confirm the dependency issue is fixed and that pet/human health API artifacts are removed or clearly explained before using it with sensitive media or personal identifiers.

SkillSpector (32)

By NVIDIA

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
if filters:
    for key, value in filters.items():
        query = query.filter(getattr(self.__model__, key) == value)

if offset:
    query = query.offset(offset)
Confidence
74% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
    if filters:
        for key, value in filters.items():
            query = query.filter(getattr(self.__model__, key) == value)

    return query.scalar()
finally:
Confidence
74% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The skill documentation broadens a simple image-analysis tool into a cloud report storage and retrieval system, which materially changes the data handling and threat model. Users invoking a plant analysis skill may not expect their content and history to be stored remotely and later enumerated, increasing privacy and account exposure risks.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
Requiring an open-id for basic analysis is a significant hidden identity requirement that is not disclosed in the stated skill purpose. This links routine image analysis to user identity and account records, enabling tracking and remote record association without clear necessity or informed consent.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The instructions tell the agent to read an open-id from configuration files or collect a username/phone number from the user, despite this being unrelated to plant root detection. Pulling identifiers from config files can leak secrets or repurpose credentials, while asking for phone/username introduces unnecessary personal-data collection tied to remote API activity.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The API documentation is clearly inconsistent with the declared purpose of the skill: it describes pet health analysis endpoints and report export functions rather than plant cutting root-stage detection. This mismatch strongly suggests code or documentation reuse from an unrelated domain, which can cause the agent to call unintended backend services, expose unrelated sensitive data, or process data under the wrong business context.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The analysis request injects a pet-type parameter that is unrelated to the declared plant-rooting purpose, indicating cross-domain code reuse or hidden behavior inconsistent with user expectations. In a skill advertised for plant propagation, silently sending unrelated metadata to a backend can enable covert data repurposing, misrouting to the wrong model/service, or unauthorized profiling beyond the stated function.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The inline comment explicitly states that a pet-type parameter is being added, which directly contradicts the plant-rooting skill description and strengthens the concern that the code was repurposed from an unrelated skill without proper cleanup. This inconsistency is dangerous because it signals hidden or unintended backend behavior that users and reviewers would not expect from the manifest.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The script’s behavior and interface are materially inconsistent with the declared plant-rooting purpose: it accepts a pet_type parameter, mutates a global pet-related default, and exposes a pet-health-style listing flow. This kind of domain mismatch is dangerous because it can route plant imagery and user identifiers into unrelated backend logic or datasets, causing unintended data disclosure, incorrect processing, or invocation of hidden functionality not disclosed by the skill manifest.

Intent-Code Divergence

High
Confidence
95% confidence
Finding
The CLI descriptions refer to pets and pet health despite the skill claiming to analyze plant cuttings, which is a strong sign of code reuse without proper refactoring. This is security-relevant because misleading labels can trick operators into supplying inappropriate identifiers or data, and they indicate that the underlying code path may still interact with unrelated pet-analysis services or stored records.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The documented API endpoint and sample response describe generic human video analysis, including face detection and health/constitution diagnosis, which directly contradicts the skill's stated purpose of plant cutting root-stage detection. This mismatch is dangerous because it suggests the skill may send user-provided media to an unrelated biometric/health-analysis service, creating a serious risk of deceptive data handling, unauthorized processing of human subjects, and unsafe integration behavior.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The request/response schema clearly indicates human face and health analysis rather than plant analysis, including fields such as face_count, quality_score, organ_condition, and health_warnings. In the context of a plant-rooting skill, this is especially dangerous because it creates a strong indication of functionality smuggling or repurposing of a sensitive surveillance/diagnostic API under a benign agricultural description.

Context-Inappropriate Capability

Medium
Confidence
76% confidence
Finding
Accepting arbitrary remote URLs for analysis expands the trust boundary beyond the manifest's fixed-camera local monitoring use case and can cause the system or backend service to fetch attacker-controlled content. If `skill.get_output_analysis` or a downstream service retrieves the URL server-side, this can enable SSRF-style access to internal resources or unintended processing of untrusted remote media.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
This file exposes generic add/edit/delete/list wrappers plus arbitrary http_get/http_post/http_put/http_delete methods that can call caller-supplied URLs, which is much broader than the stated purpose of image-based rooting-stage analysis. In an agent skill context, this unnecessarily expands the network and data-manipulation surface, enabling unintended access to internal services, exfiltration, or misuse of the skill as a general HTTP proxy if higher-level inputs are not strictly controlled.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The file implements a generic user/account store with token and open_token persistence, which is unrelated to the declared plant-rooting analysis purpose. In a narrowly scoped vision skill, hidden account-management and credential storage materially increase the attack surface and raise concerns about unnecessary collection or retention of sensitive authentication data.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
This utility module performs authenticated API access, implicit identity resolution, and account provisioning logic that is unrelated to the declared purpose of plant-rooting image analysis. Embedding broad account and token management in a shared helper increases the attack surface, enables unexpected external interactions, and creates a covert channel for user data transmission under the guise of a harmless vision skill.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The code can automatically call /sys/phoneLogin with register=1 using a username/mobile/openId-derived value, which means the skill may create or access accounts without clear user awareness. For a plant propagation analysis skill, hidden account creation is highly suspicious because it is not required to detect root primordia from images and can expose personal identifiers to an external service.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The code loads, mutates, and persists user tokens and profile data locally, despite the declared function being image-based plant rooting assessment. Storing and updating authentication artifacts in local skill state increases the risk of token leakage, unauthorized reuse, and cross-skill abuse if the environment or storage layer is compromised.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill instructs automatic saving of uploaded attachments to local files without warning the user or describing retention, location, or access controls. Silent persistence of user-provided media increases privacy risk and may leave sensitive files on disk where other tools or users can access them.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill requires cloud queries of historical reports using a user-linked open-id but does not provide a clear privacy notice about remote transmission, account association, or what data will be returned. This can cause unintentional disclosure of prior reports and metadata tied to an individual's identity.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Prompting the user for a username or phone number as open-id collects personal data for remote storage/query functions without explicit notice, consent language, or minimization. Phone numbers are sensitive identifiers, and using them as general-purpose open-ids increases privacy, correlation, and account-enumeration risks.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The tool requires an open_id that may be a username, phone number, or other persistent user identifier, but provides no privacy notice, minimization, or explanation of how that identifier is stored or used. In this skill, the risk is amplified because the identifier is written into process-global state and may be propagated into backend requests or list retrievals, increasing the chance of privacy violations or cross-user data exposure.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
Accepting a user-supplied URL for analysis without clearly warning about remote retrieval can cause the skill or its backend to fetch attacker-controlled resources. That creates risk of unintended outbound network access, privacy leakage of server metadata, and possible SSRF-style behavior depending on how skill.get_output_analysis resolves URLs.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The API documentation instructs users to upload videos or provide publicly accessible video URLs but provides no warning about privacy, retention, access scope, or what kinds of content may be captured incidentally. Because the rest of the document suggests human face/health analysis capability, the absence of privacy guidance materially increases the risk of exposing sensitive personal data through uploaded media or public links.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill reads arbitrary local file contents into memory and submits them to a remote analysis API without any explicit user-facing disclosure, consent flow, or visible indication at this point in the code. In an agent context, this can lead to unintended exfiltration of local media or sensitive files if the caller supplies a path the user did not realize would be uploaded.

Static analysis

Install untrusted source

Warn
Finding
Install source points to URL shortener or raw IP.

Dep not found on registry

Critical
Finding
1 package(s) referenced in dependency files do not exist on their public registries: yaml (pypi)

VirusTotal

VirusTotal findings are pending for this skill version.
