Plant Growth Stage Detection | 植物生长阶段自动判定

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill is advertised for plant growth analysis, but it also brings broad cloud account, history, token-storage, billing, and unrelated health/face-analysis artifacts that need manual review before installation.

Install only if you trust the publisher and the LifeEmergence cloud backend with uploaded plant media, a persistent user identifier, and locally stored API tokens. Prefer a non-PII open-id, avoid phone numbers, and ask the publisher to remove or explain the unrelated health/face-analysis artifacts, disable silent account registration, document retention/deletion, and replace the invalid `yaml` dependency before broad use.

SkillSpector (22)

By NVIDIA

Description-Behavior Mismatch

Medium

Confidence: 90% confidence
Finding: The skill expands from image-based plant-stage detection into local file persistence and cloud-backed history retrieval. That scope expansion increases privacy and data-handling risk because the skill now stores user media locally and fetches account-linked historical data, which are materially different capabilities from transient image analysis.

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: Requiring an 'open-id' sourced from a username or phone number introduces collection of personally identifiable information that is not clearly necessary for basic plant-stage detection. Because the identifier is used to save/query cloud reports, it enables account linkage and tracking across sessions without clear minimization or informed consent.

Description-Behavior Mismatch

Medium

Confidence: 84% confidence
Finding: The skill exposes generic CRUD-style operations (page, list, add, edit, delete) that go beyond the stated plant growth-stage analysis purpose. In an agent-skill context, this unnecessarily broadens capability and can enable unauthorized record enumeration, modification, or deletion if the surrounding platform invokes these methods without strict authorization and scope controls.

Description-Behavior Mismatch

High

Confidence: 98% confidence
Finding: The documented endpoint and response schema are for generic video analysis of human faces and health/constitution data, which is fundamentally inconsistent with a plant growth stage detection skill. This mismatch is dangerous because it strongly suggests the skill may send user media to an unrelated biometric/health-analysis backend, causing unauthorized collection or processing of highly sensitive human data under false pretenses.

Intent-Code Divergence

Medium

Confidence: 97% confidence
Finding: An API document presented as belonging to a plant analysis skill instead describes face detection, constitution diagnosis, organ-condition inference, and health warnings. In this skill context, that is a serious trust-boundary violation because developers or users could believe they are using an agricultural imaging feature while actually interfacing with a human biometric/health inference service.

Description-Behavior Mismatch

High

Confidence: 95% confidence
Finding: The implementation materially differs from the manifest: it performs generic video analysis and delegates to a broad `skill.get_output_analysis(...)` path rather than a scoped plant growth stage detector operating on periodic plant images. This kind of scope mismatch is dangerous because it can hide undeclared data processing behavior, send unintended media to backend services, and violate user expectations and policy boundaries for what the skill is allowed to access and analyze.

Context-Inappropriate Capability

Medium

Confidence: 89% confidence
Finding: The history-listing capability exposes an additional feature unrelated to the stated plant-stage detection purpose, increasing the attack surface and creating potential privacy issues if prior analysis results are accessible by user identifier alone. In a skill expected to process periodic plant imagery, an undeclared listing function can enable unauthorized enumeration or retrieval of historical media-derived records.

Intent-Code Divergence

High

Confidence: 93% confidence
Finding: The code and CLI present themselves as a generic video analysis tool, which directly contradicts the manifest’s plant image growth-stage detection description. Such contradictory behavior is risky because reviewers and users may grant permissions based on the benign manifest while the code actually supports broader media processing, creating a deceptive capability mismatch and undermining trust and review controls.

Description-Behavior Mismatch

Medium

Confidence: 94% confidence
Finding: This file defines generic user/account persistence for a skill whose declared purpose is plant growth stage detection from images. Scope-misaligned account storage expands the attack surface, introduces unnecessary handling of user data, and creates opportunities for privacy issues or hidden capability beyond the manifest.

Context-Inappropriate Capability

High

Confidence: 98% confidence
Finding: The User model stores token and open_token values even though token lifecycle management is unjustified for a plant growth analysis skill. Persisting credentials or bearer tokens unnecessarily creates a high-value target: compromise of the local SQLite database could expose reusable secrets and enable account takeover or unauthorized API access.

Description-Behavior Mismatch

High

Confidence: 98% confidence
Finding: This utility performs authenticated remote API activity and user-context enrichment that goes well beyond the declared plant growth stage detection purpose. In this skill context, hidden account/login, token bootstrap, and broad backend request support materially expand the attack surface and enable misuse of user identity or connected platform capabilities unrelated to image analysis.

Context-Inappropriate Capability

High

Confidence: 99% confidence
Finding: The code can silently call a remote phone-login endpoint with register enabled, using a username/openId/mobile value to create or log into an account without clear user awareness. For a plant-stage detection skill, this is unjustified and dangerous because it can provision remote identities and obtain tokens as a side effect of ordinary use.

Context-Inappropriate Capability

Medium

Confidence: 94% confidence
Finding: The utility reads, updates, and persists tokens for users in local storage, then reuses them in outbound requests. Storing and mutating authentication material in a general-purpose helper unrelated to plant analysis increases the chance of token leakage, cross-user confusion, and unauthorized API access if the local store or execution environment is compromised.

Description-Behavior Mismatch

High

Confidence: 95% confidence
Finding: The code contains payment/account-balance handling logic and user-facing recharge instructions embedded in the HTTP helper. This functionality is unrelated to plant growth stage detection and suggests the skill can trigger or steer users into broader account and billing workflows outside its stated purpose.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill states that uploaded image/video attachments are automatically saved as local files, but it does not clearly warn users about retention, location, duration, or access controls. Media files can contain sensitive visual or metadata information, so silent local persistence increases privacy and unintended disclosure risk.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill mandates querying a remote cloud API with the user's open-id to retrieve history reports, but it does not clearly inform the user that personal identifiers and report access requests will be sent to an external service. This undermines informed consent and can expose usage history or linked account data to remote systems unexpectedly.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The open-id collection flow asks the user for a username or phone number, both sensitive identifiers, without a clear warning about sensitivity, remote transmission, storage, or retention. Collecting phone numbers for a plant-analysis workflow is especially risky because it expands the skill into identity-linked data processing beyond user expectations.

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The CLI requires an open_id that may represent a user identifier such as OpenID, username, or phone number, but provides no privacy notice, minimization, or handling safeguards. In a plant-monitoring skill that may be used in consumer smart-home or greenhouse contexts, collecting persistent identifiers without disclosure increases privacy and compliance risk, and may lead to unintended logging or downstream exposure.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The API supports uploading videos or public video URLs for analysis, yet the documentation provides no warning or controls for handling potentially sensitive content. Because the same document references face detection and health diagnosis, the privacy risk is elevated: users could unknowingly submit biometric and inferred health data without informed consent, retention limits, or disclosure of processing practices.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill reads arbitrary local file content or accepts remote URLs and sends them to an external analysis service via `self.analysis(...)`, but this file shows no user-facing consent, disclosure, destination transparency, or data classification checks. In a camera/image-analysis context, that can expose sensitive media, metadata, or internal URLs to third-party services without informed user approval.

Missing User Warnings

Medium

Confidence: 85% confidence
Finding: Collecting `open-id` via a command-line argument can expose sensitive identifiers through shell history, process listings, job control tools, and logs. In this skill, the risk is amplified because the identifier appears to influence history lookup behavior, so leakage could facilitate privacy breaches or unauthorized querying of another user's analysis records.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The helper transmits user identifiers and authentication tokens to remote services and can also auto-populate fields like pnaUserName without any visible user confirmation in this file. In the context of an image-based plant analysis skill, covert transmission of identity and auth data is unnecessary and raises privacy and account-abuse risk.

Static analysis

Install untrusted source

Warn

Finding: Install source points to URL shortener or raw IP.

Dep not found on registry

Critical

Finding: 1 package(s) referenced in dependency files do not exist on their public registries: yaml (pypi)

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal