Greenhouse Climate Plant Feedback Analysis | Coordinated Regulation of Greenhouse Environment and Plant State

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill appears to be a greenhouse-analysis wrapper, but it sends media and identifiers to external services, stores account tokens locally, and contains mismatched health/face-analysis code and documentation.

Install only for review or testing until the publisher clarifies the actual API, replaces the incorrect dependency, documents all external endpoints and retention, removes silent account creation, and protects stored tokens. Do not provide phone numbers, sensitive camera URLs, or connect outputs to real greenhouse actuators without independent safety controls.

SkillSpector (23)

By NVIDIA

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The skill is framed as real-time plant-state analysis, but it also queries cloud-stored historical reports associated with a user identifier. That secondary data-access behavior expands the scope from analysis into account-linked data retrieval, which can expose prior reports or metadata without users expecting that access path.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The instructions require collecting an open-id from config files or directly from the user, including username or phone number, even though that need is not clearly justified for the stated greenhouse-analysis function. This encourages harvesting or repurposing sensitive identifiers and increases the risk of unauthorized account linkage, privacy violations, or misuse of shared configuration secrets.

Description-Behavior Mismatch

Low
Confidence
84% confidence
Finding
The skill instructs automatic local saving of uploaded files, but that storage behavior is not clearly disclosed in the high-level manifest description. Undisclosed persistence can retain sensitive media longer than expected and broaden exposure through local access, backups, or later reuse.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The documented endpoint and response schema describe a generic human face/health diagnosis service, which is materially inconsistent with a greenhouse plant-climate closed-loop control skill. This mismatch is dangerous because integrators may send the wrong data to an unrelated external service, causing unintended collection of human biometric/health-like data, broken control logic, and unsafe automation decisions in a system that can actuate irrigation, shading, fans, and heaters.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
Presenting this file as the skill's API documentation while describing a different face/health diagnosis service can mislead developers into integrating an unintended third-party capability. In the context of a greenhouse control skill, this increases the chance of unsafe system behavior, unauthorized data flows, and supply-chain confusion about what the skill actually does.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The implementation does not match the declared greenhouse closed-loop control purpose and instead performs generic media/URL submission and analysis reporting. In a control-system context, this semantic mismatch is dangerous because operators may trust the skill to make plant/climate decisions while it actually sends arbitrary files or URLs to a backend, creating integrity and privacy risks and potentially causing unsafe automation assumptions.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The report-list formatting pulls fields such as healthAiResponse and faceAnalysisResponse, which are unrelated to greenhouse plant analysis. This indicates code reuse from another domain and creates a strong risk of mislabeling results, displaying incorrect semantics to users, and routing plant-analysis data through unintended schemas or services.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The comments and docstrings describe generic analysis reports, but the implementation continues to interpret results using health/face-assessment semantics. This inconsistency is dangerous because it can conceal functional drift, mislead reviewers and operators, and cause downstream automation or decisions to rely on invalid classifications in a greenhouse setting.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The implementation materially diverges from the declared greenhouse closed-loop control function and instead exposes a generic video-analysis CLI. This kind of skill/manifest mismatch is dangerous because it can mislead operators, reviewers, and permission systems about what the code actually does, enabling unintended data handling or hidden behavior under a trusted automation label.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The CLI strings and argument descriptions identify the tool as a generic video-analysis utility, directly contradicting the greenhouse climate-control description. This inconsistency increases the risk of deceptive packaging, operator confusion, and unsafe deployment decisions because users may grant trust or access based on the manifest rather than the code's real behavior.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The file defines a generic user-account data model and DAO, including username, email, and token storage, which is unrelated to the greenhouse plant-analysis/control function described for the skill. In a closed-loop actuator-control context, hidden identity/token handling expands the attack surface and suggests undocumented capabilities that could enable unauthorized access, account persistence, or covert data collection.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The model persists token and open_token values in plaintext-like string fields despite the stated purpose being greenhouse climate/plant feedback control. Storing authentication-style secrets in a local SQLite database without visible encryption, rotation, or scope restriction creates credential theft risk; if those tokens authorize APIs or devices, compromise could lead to unauthorized greenhouse commands or broader system access.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The shared HTTP utility silently performs external account login/registration against a health platform, retrieves tokens, and persists them locally via DAO logic. This behavior is unrelated to greenhouse climate control and creates an unexpected identity, credential, and data-flow channel that could expose operator information or bind the skill to external services without informed consent.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger logic is overly broad and auto-activates on essentially any uploaded greenhouse plant image or matching keywords. Overbroad automatic invocation increases the chance of unintended processing, silent file handling, and unnecessary transmission of user data to remote services without a sufficiently specific request.

Missing User Warnings

High
Confidence
95% confidence
Finding
The skill combines automatic local file saving with cloud history/API access, yet it does not provide a clear, prominent warning about what data is stored, transmitted, or linked to a user account. In a system handling media and account-associated reports, this lack of notice materially increases privacy and data-governance risk.

Missing User Warnings

High
Confidence
97% confidence
Finding
Requesting a username or phone number as an open-id without a prominent warning or safer alternative creates unnecessary exposure of sensitive personal identifiers. If mishandled, these identifiers can be used to correlate users across systems, retrieve account-linked history, or enable unauthorized access attempts.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation exposes closed-loop actuator control outputs for irrigation, shading, fans, wet curtains, and heaters, plus a report export endpoint, but provides no safety warnings, authorization constraints, operator confirmation requirements, or fail-safe guidance for real-world actuation. In the greenhouse context, these commands affect physical equipment and crop conditions, so underspecified controls can enable misuse, unsafe automation, or over-trust in autonomous actions that may damage plants, waste water/energy, or disrupt operations.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The API doc instructs users to upload videos or provide public video URLs but gives no privacy, retention, consent, or data-handling notice. Because the same document also references face detection and health-diagnosis-style outputs, users could unknowingly submit personal or sensitive imagery to an external service without understanding storage, sharing, or compliance implications.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The code reads an entire local file and transmits it to an analysis service without any user-facing disclosure or consent flow in this component. In practice this can expose sensitive local media or operational data from greenhouse environments to external systems, especially when users believe analysis is local or narrowly scoped.

Missing User Warnings

Low
Confidence
84% confidence
Finding
Remote URLs are forwarded directly to the analysis service without informing the user that the URL will be submitted externally. This can leak sensitive camera endpoints or signed URLs and may surprise users who expect the tool only to reference the URL locally.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script requires a sensitive user identifier via --open-id and then submits local or remote video content for analysis without any explicit consent notice, transport/privacy disclosure, or visible minimization controls. In a greenhouse setting using fixed cameras, this is more sensitive because continuous visual monitoring may capture workers, facilities, or proprietary operations, creating privacy and surveillance risks if data is transmitted or logged unexpectedly.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The HTTP helper automatically attaches authentication headers and transmits request bodies, tenant identifiers, platform metadata, and usernames to external services without any visible confirmation, consent, or narrowing to greenhouse-specific flows. In a closed-loop control context, hidden outbound communications can leak operational metadata and credentials while also coupling physical control logic to opaque remote dependencies.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The helper function uses username/mobile data to perform silent login/registration with register=1 and silent=1, which means user-linked identifiers are sent to an external endpoint without visible disclosure or affirmative action. This creates privacy risk, unauthorized account creation risk, and an unexpected trust relationship unrelated to the advertised greenhouse-control behavior.

Static analysis

Install untrusted source

Warn
Finding
Install source points to URL shortener or raw IP.

Dep not found on registry

Critical
Finding
1 package(s) referenced in dependency files do not exist on their public registries: yaml (pypi)

VirusTotal

VirusTotal findings are pending for this skill version.
