Lawn Health Assessment | 草坪枯黄率与杂草密度评估

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This lawn-analysis skill appears to include unrelated video, health/face-analysis, account, token, billing, and destructive remote-management capabilities that users would not reasonably expect.

Do not install this version unless the publisher can explain and remove or clearly separate the unrelated health/video, account, token, billing, history, and camera-management code paths. A lawn-analysis skill should only need scoped image upload and result retrieval, with clear notice for any remote processing or retained reports.

SkillSpector (33)

By NVIDIA

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The skill includes cloud-backed historical report lookup and report-link rendering, which exceeds the stated image-analysis scope and introduces additional data exposure pathways. Historical records can reveal user activity, site imagery, timestamps, and report URLs, creating privacy and data-leak risks if accessed without clear consent and scope limitation.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill requires obtaining an open-id from configuration files or the user, which introduces identity handling far beyond simple visual analysis. Reading identifiers from local config and associating them with cloud-stored reports can expose credentials or account-linked data, especially if configuration files are reused across users or insufficiently protected.

Description-Behavior Mismatch

Low
Confidence
84% confidence
Finding
The skill states that uploaded attachments are automatically saved locally and outputs may be written to files, but this storage behavior is not clearly surfaced as part of the skill's core scope. Even when not overtly malicious, silent local persistence can retain sensitive images or metadata longer than users expect.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The API documentation is clearly inconsistent with the stated purpose of the skill: it describes pet health analysis endpoints and scenario codes inside a lawn health assessment skill. This kind of domain mismatch is dangerous because it can indicate copied or miswired integrations, causing the agent to call the wrong backend, expose unrelated data, or process unintended records. In the skill context, this is more dangerous than a simple docs typo because the endpoints and export function suggest real operational APIs that could affect or disclose another product domain.

Description-Behavior Mismatch

High
Confidence
94% confidence
Finding
The analysis request injects a `petType` parameter that is unrelated to the declared lawn-health purpose, indicating code reuse or hidden behavior inconsistent with the skill's stated function. This kind of mismatch increases the risk of sending unintended data to backend services, invoking the wrong model path, or masking unauthorized cross-domain functionality behind a benign skill description.

Intent-Code Divergence

High
Confidence
96% confidence
Finding
The inline comment '添加宠物类型参数' ('add pet type parameter') directly contradicts the lawn-health assessment context and strongly suggests copy-pasted or repurposed code from another domain. Such contradiction is dangerous because it signals that the skill may call incorrect backend behavior or include undeclared functionality, undermining trust in the stated data flow and increasing the chance of logic abuse or accidental data mishandling.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The documented API behavior is fundamentally inconsistent with the declared skill purpose: it accepts videos and returns face detection and human health-diagnosis outputs rather than lawn-image assessment. This kind of capability mismatch is dangerous because it can conceal undeclared collection and processing of sensitive biometric and health-related data under the guise of a benign lawn-analysis skill.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The file documents a human face/health video analysis service, not a turf/lawn assessment service as advertised in the manifest. This misrepresentation creates a serious trust and compliance risk because users may provide environmental imagery while the service is actually designed to process people, potentially enabling covert biometric or health-data processing.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
Face detection, constitution diagnosis, organ-condition outputs, and health warnings are unjustified and highly sensitive capabilities for a lawn assessment skill. In this context, the mismatch makes the issue more dangerous because the skill’s benign cover story lowers user suspicion while exposing potentially regulated biometric and health inferences.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The skill is described as performing lawn-image analysis and scoring, but this API wrapper also exposes generic page/list/add/edit/delete operations, including management of camera-associated records. That expands the effective capability of the skill beyond its stated purpose and can enable unauthorized data or device-management actions if these methods are reachable through the agent or poorly permissioned upstream APIs.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The delete method removes resources keyed by cameraSn, which appears to target camera-associated assets unrelated to the advertised lawn-health scoring function. In the context of a vision-analysis skill using drone or fixed-camera inputs, exposing deletion of camera-linked resources creates a meaningful risk of destructive actions against operational infrastructure or collected data if invoked without strict controls.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The skill metadata describes top-down image-based lawn assessment, but the code explicitly accepts local or remote video inputs and forwards them for analysis. This capability mismatch can lead to unintended collection and transmission of richer media than users expect, increasing privacy, bandwidth, and abuse risks and undermining informed consent and policy enforcement.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The comment states that `open_id` is only used locally and is not sent to the API, but the code passes remaining keyword arguments directly into `page()` requests, creating a risk that identifiers are forwarded despite the documented privacy expectation. This kind of documentation/behavior mismatch can expose user identifiers to backend services or logs unintentionally.

Description-Behavior Mismatch

High
Confidence
94% confidence
Finding
The implementation behavior materially diverges from the manifest: it performs generic video analysis via a backend skill call instead of a lawn-health image assessment workflow. This kind of capability mismatch is dangerous because users and reviewers may authorize the skill based on benign image-segmentation claims while the code actually processes different content and may invoke undisclosed remote functionality.

Intent-Code Divergence

High
Confidence
92% confidence
Finding
The CLI help text, function descriptions, and user-facing messages repeatedly describe 'video analysis,' which contradicts the manifest's lawn-health image assessment purpose. Misleading documentation increases the risk of deceptive capability exposure, improper consent, and accidental submission of unintended media to backend services.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The history-listing feature exposes an additional capability unrelated to the advertised lawn-health scoring function. Undeclared enumeration or retrieval features can leak prior analysis metadata or outputs and expand the skill's effective attack surface beyond what users expect.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
This file exposes broad generic HTTP and CRUD wrappers (`http_get`, `http_post`, `http_put`, `http_delete`, `add`, `edit`, `delete`, `page`, `list`) that are not scoped to lawn-health image analysis. In an agent skill context, this expands the skill's capability into a reusable remote API client, enabling unintended data transmission or interaction with arbitrary backend endpoints if other parts of the skill can influence URLs or payloads.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The implementation is a general-purpose remote API client rather than code specific to semantic segmentation or lawn-health scoring described in the manifest. That mismatch is dangerous because it hides broader network capabilities behind a benign-looking skill description, making review harder and increasing the chance the skill can be repurposed for unrelated external operations or covert data handling.

Description-Behavior Mismatch

Medium
Confidence
87% confidence
Finding
The file defines persistent user-account storage and CRUD operations even though the declared skill purpose is lawn-image health assessment. This capability expansion increases attack surface and enables collection or modification of user records unrelated to the advertised function, creating a data-minimization and covert-capability risk.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The model stores sensitive fields including token and open_token despite the skill description not justifying any authentication-token persistence. Retaining tokens in a local SQLite database can expose credentials through local compromise, backups, logs, or unintended reuse by other components.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
This utility file implements broad authenticated API access, token handling, user lookup/creation, and payment/billing flow behavior that materially exceeds the declared lawn-image assessment purpose. Such hidden platform-integrated capabilities expand the attack surface, can transmit user identifiers and credentials to external services, and create opportunities for unauthorized account actions or opaque monetization workflows.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The helper `_get_or_create_user` sends a username/mobile identifier to a remote `/sys/phoneLogin` endpoint with `register=1`, enabling silent account creation or login without clear user authorization. In the context of a lawn-health skill, this is unrelated functionality that can cause unauthorized account provisioning and disclosure of personal identifiers to a backend service.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The code injects billing and recharge workflow messaging into request handling, including instructions to install a payment skill and top up an account. While not directly exploit code, it introduces monetization behavior unrelated to lawn analysis and can steer users into unexpected financial actions when requests fail.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
Automatically saving uploaded images and videos to local storage without a clear user-facing notice creates a privacy risk, particularly because imagery may contain location, property, or operationally sensitive details. Silent persistence also broadens the attack surface if local files are later accessed by other tools, users, or processes.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs cloud queries for historical reports using the user's open-id but does not clearly warn that user-linked data will be sent to or retrieved from an external service. This can lead to unanticipated disclosure of identifiers and report history, especially if users think the analysis is purely local or session-bound.

Static analysis

Install untrusted source

Warn
Finding
Install source points to URL shortener or raw IP.

Dep not found on registry

Critical
Finding
1 package(s) referenced in dependency files do not exist on their public registries: yaml (pypi)

VirusTotal

VirusTotal findings are pending for this skill version.
