Hydroponic Nutrient Concentration Visual Assessment | 水培植物营养液浓度视觉评估

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill is framed as plant nutrient analysis, but its artifacts show broad cloud media upload, account-linked history access, automatic account/token handling, and reused human-health analysis components that need review before installation.

Install only if you are comfortable sending plant images/videos or supplied media URLs plus account identifiers to the publisher's cloud service. Do not provide a phone number or reuse an API key as an open-id unless the publisher explains why it is needed, how accounts are created, where tokens are stored, and how reports and uploaded media can be deleted. The package should be revised to use a real PyYAML dependency, narrow its endpoints to hydroponic analysis only, remove human-health/face-analysis leftovers, and add explicit consent for cloud upload and history lookup.

SkillSpector (28)

By NVIDIA

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
            if filters:
                for key, value in filters.items():
                    query = query.filter(getattr(self.__model__, key) == value)

            if offset:
                query = query.offset(offset)
Confidence
80% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Dynamic attribute access via getattr()

Low
Category
Dangerous Code Execution
Content
            if filters:
                for key, value in filters.items():
                    query = query.filter(getattr(self.__model__, key) == value)

            return query.scalar()
        finally:
Confidence
80% confidence
Finding
query = query.filter(getattr(self.__model__, key) == value)

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The skill broadens from single-purpose image analysis into cloud-backed historical report retrieval keyed to a user open-id, which introduces identity-linked data access beyond the core assessment use case. This can expose prior reports or account-associated records if triggered too easily or if the wrong identifier is supplied, especially because the retrieval behavior is described as mandatory for certain keywords.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The documented open-id flow instructs the agent to read API keys from local config files or collect a username/phone number from the user before continuing, which creates unnecessary access to sensitive credentials and personal identifiers for a visual plant assessment task. Reading secrets from workspace files and reusing them as identifiers can leak credentials across contexts, while collecting phone numbers increases privacy and account-takeover risk if mishandled.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The referenced API documentation describes a generic human video-analysis service with face detection, constitution diagnosis, and organ-condition outputs, which is materially inconsistent with the skill's claimed hydroponic plant nutrient assessment purpose. This mismatch is dangerous because it strongly suggests the skill may send user-provided plant imagery to an unrelated human-analysis backend or that the documentation is intentionally misleading, creating risks of improper data handling, unauthorized processing, and deceptive functionality.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The response schema explicitly documents face detection and human health/TCM-style diagnosis results, which contradict the skill's declared plant-analysis function. In the context of a hydroponic skill, this contradiction increases suspicion because it indicates either repurposed surveillance/biometric analysis infrastructure or deceptive documentation, both of which can lead to privacy violations and misuse of captured camera data.

Description-Behavior Mismatch

High
Confidence
94% confidence
Finding
The implementation accepts arbitrary local files or remote URLs and submits them to a generic analysis backend, which is materially broader than the declared hydroponic root/leaf image assessment purpose. This creates a scope-mismatch vulnerability: users or integrators may unknowingly use a plant-analysis skill as a generic media upload proxy, enabling unauthorized processing of unrelated or sensitive content and increasing data-exfiltration/privacy risk.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The skill exposes generic report listing and export-link generation capabilities that go beyond one-off nutrient assessment and may reveal historical analyses unrelated to the stated plant use case. If access control is weak upstream, this broadens the attack surface for enumeration or disclosure of prior reports and associated metadata.

Intent-Code Divergence

Medium
Confidence
86% confidence
Finding
Comments and logic referring to health/constitution analysis indicate code reuse from a different domain, contradicting the hydroponic skill’s declared purpose. This kind of semantic mismatch is dangerous because it suggests the skill may process or expose human health-related data through a plant-analysis interface, undermining trust, consent, and safe data handling assumptions.

Intent-Code Divergence

Medium
Confidence
81% confidence
Finding
The comment claims open_id is not sent to the API, but the function forwards arbitrary remaining arguments to page() calls, creating a risk that sensitive identifiers or unexpected parameters are transmitted despite developer assurances. This discrepancy can lead to privacy leakage and makes security reviews and user expectations unreliable.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The implementation materially diverges from the declared hydroponic root/leaf nutrient-assessment purpose and instead acts as a generic video-analysis wrapper. This kind of capability mismatch is dangerous because it can hide broader data-processing behavior than users or reviewers expect, increasing the risk of unauthorized collection, transmission, or repurposing of arbitrary media.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
Accepting arbitrary remote URLs expands the trust boundary beyond fixed-camera hydroponic imagery and can enable analysis or fetching of untrusted external content unrelated to the skill's purpose. In context, this is more dangerous because the manifest describes a constrained agricultural vision workflow, so arbitrary URL support is unnecessary and could facilitate privacy issues or abuse of backend processing on attacker-controlled media.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
This file exposes a generic API client with pagination, CRUD, and arbitrary HTTP verb wrappers that are far broader than the hydroponic image-analysis capability described in the manifest. In a skill that should mainly analyze plant images and provide nutrient advice, this excess capability increases the attack surface and could be used by other components to send or manipulate remote data unrelated to the stated function.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The http_post/http_put/http_get/http_delete methods accept an arbitrary URL and forward requests directly, creating a reusable arbitrary network request primitive. If any upstream input can influence the URL or payload, this can enable exfiltration, unauthorized external communications, or access to unintended internal or third-party services.

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
The module ingests runtime identity values from environment variables such as sender/open IDs and usernames, even though this hydroponic nutrient-assessment skill does not need user or messaging identity to analyze plant images. Pulling unrelated identity context into a shared config layer expands the skill's access to personal metadata and creates a risk of unintended collection, propagation, or misuse if other components log, expose, or act on those values.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
This utility implements broad-purpose outbound HTTP access, credential/header injection, token refresh, and account bootstrap behavior that is far beyond the stated hydroponic image-analysis function. In this skill context, such hidden network and identity capabilities materially expand the attack surface and enable undisclosed data transfer or backend actions unrelated to nutrient assessment.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The nested _get_or_create_user function automatically calls /sys/phoneLogin with register=1, openId, and mobile derived from a username, meaning the skill can silently create or log into accounts. For a hydroponic nutrient-assessment skill, this is unjustified identity handling and could cause unauthorized account creation, user impersonation, or backend enrollment without informed consent.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
This code loads, persists, updates, and refreshes user tokens and account records in local storage, then reuses them for future API calls. Persisting auth material inside a shared utility for an unrelated plant-analysis skill creates a credential-management risk and may enable lateral misuse if the skill or host environment is compromised.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The default trigger is broad enough to activate whenever a user provides hydroponic-related images or videos, which can cause unintended execution of local file saving, remote uploads, and account-linked operations without clear intent. In a skill that also performs cloud queries and identifier handling, overbroad triggering materially increases the chance of accidental data disclosure or unauthorized processing.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation does not clearly warn that uploaded local files, remote URLs, and user identifiers are sent to a cloud API and that report links are fetched from remote services, depriving users of informed consent about data flows. Because the skill also stores files locally and uses open-id-linked history retrieval, this omission creates a meaningful privacy and transparency risk.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The API accepts uploaded videos or public video URLs but provides no privacy, consent, retention, or data-handling notice. Because the skill uses fixed cameras and could capture people incidentally in home or lab environments, the absence of data-governance guidance creates a meaningful risk of collecting and transmitting sensitive visual data without user awareness or adequate safeguards.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The code uploads file content or remote media references to an external analysis service without any visible user-facing disclosure, consent flow, or data sensitivity handling in this file. Given the surrounding evidence of health-analysis code reuse, this is especially concerning because users may be sending sensitive data to a remote backend under misleading plant-analysis branding.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The code processes local files or remote URLs through a backend analysis function without any user-facing notice that the media may be transmitted to an external service. In a hydroponic monitoring context this is especially problematic because users may expect local camera imagery to be analyzed narrowly for plant health, not silently uploaded or shared beyond the device.

Missing User Warnings

Medium
Confidence
78% confidence
Finding
The download-URL helper performs a network request and returns a remotely generated URL, but there is no visible disclosure in the code that data is being transmitted to an external service. While not inherently malicious, silent network transmission is risky in a user-facing skill because it can obscure where identifiers such as tosKey are sent and how returned links may be used.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The add, edit, and delete helpers wrap remote HTTP POST calls, including a destructive delete-like operation, without any visible disclosure or guardrails. In this context, generic destructive network operations are not justified by the hydroponic assessment use case and could be abused by connected code to alter or remove remote data unexpectedly.

Static analysis

Install untrusted source

Warn
Finding
Install source points to URL shortener or raw IP.

Dep not found on registry

Critical
Finding
1 package(s) referenced in dependency files do not exist on their public registries: yaml (pypi)

VirusTotal

VirusTotal findings are pending for this skill version.
