Flowering & Fruit Set Rate Analysis | Tomato/Chili Pepper Flowering and Fruit-Set Rate Analysis

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill is advertised as plant fruit-set analysis, but its package also includes unrelated health/pet/face-analysis paths, automatic account login, token storage, and an invalid dependency.

Install only after the publisher explains and fixes the domain mismatches, replaces the invalid yaml dependency, and clearly documents account creation, token storage, cloud report retention, and what identifiers are sent to the service. Avoid providing phone numbers or sensitive media until those issues are resolved.

SkillSpector (34)

By NVIDIA

Description-Behavior Mismatch

Severity: Medium
Confidence: 91%
Finding
The documentation broadens the skill from image counting into cloud history retrieval and persistent record handling, which materially changes the data exposure and privacy profile. Even if intended for convenience, this creates undisclosed retention and remote-access surfaces that are more sensitive than one-off image analysis.

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding
Requiring an open-id derived from a username or phone number introduces collection of personally linked identifiers that the manifest does not disclose. Tying analysis and report operations to phone/username data increases privacy risk and enables account correlation or misuse if those identifiers are exposed or reused improperly.

Description-Behavior Mismatch

Severity: Low
Confidence: 88%
Finding
Automatically saving uploaded media locally adds persistence beyond transient analysis, which users may not expect from the skill description. While lower impact than credential or network issues, local retention still increases the chance of privacy leaks, unintended reuse, or exposure of user images.

Context-Inappropriate Capability

Severity: Medium
Confidence: 94%
Finding
The skill instructs reading configuration files to obtain api-key/open-id values before analysis, which is effectively credential access unrelated to core image recognition. This creates a path for secret harvesting from workspace files and encourages using available credentials without clear authorization boundaries or user awareness.

Intent-Code Divergence

Severity: Medium
Confidence: 97%
Finding
The API documentation is clearly mismatched with the declared skill purpose: it describes pet health analysis endpoints and scene codes inside a tomato/chili flowering and fruit-set analysis skill. This creates a strong signal of asset reuse, packaging error, or cross-domain misbinding that could cause the agent to call unintended backend services, expose unrelated data paths, or process the wrong category of user data.

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%
Finding
The service exposes generic CRUD-style methods (page, list, add, edit, delete) that go beyond the declared purpose of image-based flowering/fruit-set analysis. This unnecessarily expands the skill's attack surface and could allow unauthorized data enumeration or modification if these methods are reachable through the agent, especially because the operations appear generic and not tightly scoped to the manifest's stated function.

Description-Behavior Mismatch

Severity: High
Confidence: 97%
Finding
The analysis request injects a petType parameter into a skill that is supposed to analyze tomato/chili flowering and fruit set, which is inconsistent with the declared domain and strongly suggests code reuse or hidden cross-domain behavior. This mismatch can cause requests to be routed, classified, or processed under unintended logic, leading to data integrity issues, misdirected backend behavior, or invocation of unrelated capabilities not expected by users or reviewers.

Intent-Code Divergence

Severity: High
Confidence: 95%
Finding
The inline comment explicitly states that a pet-type parameter was added in a plant fruit-set analysis skill, confirming a domain-inconsistent modification rather than an accidental transient artifact. While the comment itself is not executable, it is strong evidence of confused-deputy behavior or careless code transplantation that increases the likelihood of hidden misrouting, unauthorized feature crossover, and maintenance mistakes in security-sensitive request construction.

Intent-Code Divergence

Severity: High
Confidence: 99%
Finding
The documented API endpoint and response schema describe a generic video-analysis service that performs face detection and health-style diagnosis, which materially conflicts with the stated plant flowering/fruit-set purpose of the skill. This mismatch is dangerous because it suggests the skill may route user-provided plant media to an unrelated backend capable of processing human subjects, enabling undisclosed collection or inference on sensitive biometric/health-adjacent data if people appear in uploaded videos.

Description-Behavior Mismatch

Severity: High
Confidence: 98%
Finding
The documented behavior explicitly expands from plant analytics into human face detection and health diagnosis, which is outside the user's expected consent and outside the skill's declared function. In a home grow-box or mobile gardening context, uploads may easily include household members, so undocumented human analysis creates privacy, compliance, and misuse risks disproportionate to the skill's stated purpose.

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding
Human face detection and health-diagnosis outputs are context-inappropriate for a tomato/chili fruit-set analysis skill and indicate hidden or overbroad processing capabilities. Because users would not reasonably expect biometric or health-related inference when analyzing plants, the context makes this more dangerous by increasing the likelihood of deceptive collection and accidental capture of sensitive personal data.

Description-Behavior Mismatch

Severity: High
Confidence: 95%
Finding
The implementation materially diverges from the declared skill purpose: it accepts local files or remote video URLs and routes data through generic or health-analysis response handling. This creates a trust-boundary violation where users may believe they are using a narrow plant fruit-set image analyzer, while the code can process broader media inputs and interact with unrelated backend workflows, increasing privacy and misuse risk.

Intent-Code Divergence

Severity: Medium
Confidence: 90%
Finding
The report-list logic accesses unrelated health and face assessment fields while comments describe a different purpose. This indicates code reuse from another domain and can expose or mislabel sensitive analysis records, causing data confusion or leakage across skill contexts.

Description-Behavior Mismatch

Severity: High
Confidence: 96%
Finding
The implementation materially diverges from the advertised skill purpose: it behaves as a generic video-analysis wrapper rather than a constrained flower/young-fruit image analyzer for fruit-set rate calculation. This kind of scope mismatch is dangerous because users, reviewers, and any policy layer may grant permissions or trust based on the manifest, while the code can process broader content and invoke backend functionality outside the declared use case.

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%
Finding
Accepting arbitrary network video URLs expands the attack surface beyond the declared local/mobile plant-image scenario and can enable misuse of the skill as a general remote-content fetch/analyze primitive. Even if the fetch occurs in downstream components, exposing URL-based processing can lead to unauthorized analysis of third-party content, privacy issues, or SSRF-like risk depending on backend implementation.

Context-Inappropriate Capability

Severity: Medium
Confidence: 90%
Finding
The history-listing capability is unrelated to the declared fruit-set analysis function and suggests access to stored analysis records or user activity beyond the advertised scope. Unnecessary data-access features increase the chance of privacy leakage, overcollection, or unauthorized exposure of prior submissions, especially when paired with user identifiers.

Context-Inappropriate Capability

Severity: Medium
Confidence: 89%
Finding
This module exposes broad generic CRUD and arbitrary HTTP wrapper methods that are not constrained to the stated purpose of image-based flowering/fruit-set analysis. In a skill whose manifest suggests a narrow analytics function, these wrappers create an unnecessary capability to contact arbitrary backend endpoints and perform state-changing operations, increasing the attack surface and making misuse or hidden data exfiltration easier.

Context-Inappropriate Capability

Severity: Low
Confidence: 83%
Finding
The download-URL generation function introduces a storage-access capability beyond simple local image analysis, allowing callers to obtain remote object access tokens or URLs. While not inherently malicious, this is a privileged capability that is not justified by the manifest and could be abused to retrieve unintended files if upstream controls are weak.

Context-Inappropriate Capability

Severity: Medium
Confidence: 88%
Finding
The shared config layer reads platform/user identifiers such as OPENCLAW_SENDER_OPEN_ID, OPENCLAW_SENDER_USERNAME, and FEISHU_OPEN_ID even though this skill is described as plant flowering/fruit-set analysis. Collecting or propagating unrelated identifiers expands the data-access surface and can enable unnecessary identity linkage, privacy leakage, or cross-context tracking if these values are later logged, transmitted, or reused elsewhere.

Description-Behavior Mismatch

Severity: High
Confidence: 94%
Finding
This module implements a full generic DAO plus CRUD operations over local persistent storage and includes a sys_user table, even though the declared skill is only for flowering/fruit-set image analysis. That mismatch materially increases the attack surface by enabling hidden collection, mutation, and retention of user/account data unrelated to the skill's stated purpose.

Context-Inappropriate Capability

Severity: High
Confidence: 97%
Finding
The User model stores usernames, email addresses, token, and open_token values, which are authentication-like secrets and personal identifiers unrelated to flower/fruit-set detection. If compromised or misused, these fields could enable account takeover, correlation of identities, or unauthorized access beyond the skill's intended function.

Description-Behavior Mismatch

Severity: High
Confidence: 97%
Finding
The request helper performs unrelated account provisioning and login by sending a username/mobile/openId to an external health endpoint, then persists returned token data locally. For a flower/fruit image-analysis skill, this is an unnecessary privilege expansion and hidden data flow that can collect identifiers, create accounts, and retain credentials without clear user consent or need.

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding
The code contains balance-check and recharge messaging that redirects the user into installing and using a payment skill, which is unrelated to tomato/chili flowering analysis. Embedding monetization control paths in a low-level utility increases the risk of deceptive behavior, undisclosed billing dependencies, and unauthorized workflow changes.

Vague Triggers

Severity: Medium
Confidence: 86%
Finding
The default trigger is broad enough to activate on general plant-image uploads, which can cause unintended execution and data transfer without a specific user request. In a skill that also saves files and contacts cloud services, accidental triggering materially raises privacy and consent risks.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding
Ambiguous history-query keywords overlap with normal reporting language, so the skill may invoke cloud history retrieval when the user only wanted a summary or current-result explanation. Because history access can reveal prior records and linked account data, accidental activation is more dangerous in this context than in a purely local skill.

Static analysis

Install untrusted source

Severity: Warn
Finding
Install source points to URL shortener or raw IP.

Dep not found on registry

Severity: Critical
Finding
1 package(s) referenced in dependency files do not exist on their public registries: yaml (pypi)

VirusTotal

VirusTotal findings are pending for this skill version.
