Plant Night Respiration Rate Analysis | 植物夜间呼吸作用强度估算

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill claims to analyze plant respiration, but its artifacts route videos, user identifiers, and account tokens through broader cloud health/AI infrastructure with major scope mismatches.

Review carefully before installing. Use this only if you are comfortable sending uploaded videos, remote URLs, user identifiers, and report history to the publisher's cloud services, and avoid providing phone numbers or sensitive facility footage unless the publisher documents retention, deletion, and access controls. The publisher should align the code and API docs to the plant-only purpose, remove human health/face-analysis artifacts, make history lookup opt-in, and replace the unsafe dependency declaration.

SkillSpector (23)

By NVIDIA

Context-Inappropriate Capability

Medium

Confidence: 92% confidence
Finding: The skill makes user/account identification mandatory by requiring an open-id from config files or user-supplied username/phone number before analysis. That creates unnecessary collection and use of sensitive identifiers for a task that could plausibly be local or pseudonymous, increasing privacy risk and enabling cross-session tracking or unintended access to cloud-linked data.

Description-Behavior Mismatch

Medium

Confidence: 90% confidence
Finding: The skill scope is broadened from plant respiration estimation into mandatory cloud history/report management and remote querying. This is dangerous because it increases data exposure and backend dependence beyond what users would expect from a single-purpose analysis skill, and creates additional pathways for unauthorized retrieval or accidental disclosure of historical reports.

Description-Behavior Mismatch

High

Confidence: 93% confidence
Finding: The analysis request injects a petType parameter that is unrelated to plant respiration analysis, indicating code reuse or hidden branching into an unintended backend behavior. This can cause requests to be routed, classified, or processed under the wrong model or tenant logic, leading to incorrect analysis, data misassociation, or accidental access to functionality outside the skill’s declared scope.

Intent-Code Divergence

High

Confidence: 98% confidence
Finding: The referenced API documentation describes a generic human video-analysis service with face detection and health/constitution diagnosis, which is fundamentally unrelated to the declared plant night respiration analysis skill. This mismatch is dangerous because it suggests the skill may covertly route user data to an unrelated surveillance or biometric/health analysis backend, creating deceptive data handling and unauthorized capability expansion.

Description-Behavior Mismatch

High

Confidence: 97% confidence
Finding: The documented behavior focuses on human face/video health analysis rather than plant thermal respiration estimation, indicating a likely capability substitution or disguised functionality. In the context of an agriculture skill, this is especially suspicious because users would not reasonably expect collection or inference of human biometric or health-related information.

Context-Inappropriate Capability

High

Confidence: 98% confidence
Finding: Facial detection and human health/constitution diagnosis are unjustified capabilities for a plant-respiration analysis skill and indicate collection or inference beyond the stated purpose. Such hidden functionality can enable privacy-invasive processing, unauthorized profiling, and deceptive consent because operators may submit environmental camera footage believing it is only used for plant monitoring.

Description-Behavior Mismatch

High

Confidence: 97% confidence
Finding: The implementation accepts arbitrary local video files or remote video URLs and forwards them to a generic analysis backend, while the manifest claims a narrowly scoped nighttime plant thermal-respiration function. This mismatch is dangerous because users may trust the declared purpose and unknowingly submit unrelated or sensitive media to a broader service, creating a capability-confusion and data-handling risk.

Intent-Code Divergence

Medium

Confidence: 94% confidence
Finding: The code/comments/output logic reference health or constitution assessment fields unrelated to plant respiration analysis, indicating the skill may be repurposed from a human-health workflow. In security terms, this inconsistency increases the risk of misleading users about what backend service is being called and what categories of data may be processed or exposed.

Description-Behavior Mismatch

High

Confidence: 96% confidence
Finding: The implementation does not match the declared skill purpose: instead of analyzing thermal imagery and optional CO₂ data for nighttime plant respiration, it exposes a generic video-analysis and history-listing interface. This kind of scope mismatch is dangerous because it can conceal undeclared data processing, cause operators to trust outputs that are unrelated to plant respiration, and potentially route arbitrary video content into a backend service under a misleading agricultural description.

Context-Inappropriate Capability

Medium

Confidence: 89% confidence
Finding: Allowing arbitrary remote URL ingestion is unjustified for a fixed-camera plant-factory monitoring workflow and expands the attack surface. It can enable unintended external content fetching, backend abuse, privacy issues, and possible SSRF-like behavior in downstream components if the fetched URL is processed by internal services without strict controls.

Description-Behavior Mismatch

High

Confidence: 93% confidence
Finding: The file defines a persistent user/account data model and DAO operations for usernames, email, tokens, and record mutation, which are unrelated to the declared plant respiration analysis purpose. This expands the skill's data access and storage scope, increasing privacy and abuse risk if the skill can create, modify, or retain user/account records and tokens without clear necessity.

Description-Behavior Mismatch

Medium

Confidence: 83% confidence
Finding: The DAO initializes a general-purpose SQLite database, creates tables, and alters schema at startup, which goes beyond narrow respiration monitoring and introduces hidden stateful behavior. In a skill advertised as sensor analytics, undisclosed local persistence and schema mutation broadens the attack surface and can enable unauthorized retention or manipulation of unrelated data.

Context-Inappropriate Capability

Medium

Confidence: 79% confidence
Finding: The code derives the database location from the OPENCLAW_WORKSPACE environment variable and writes under a workspace data directory without validating or constraining the resolved path. In a multi-skill or shared runtime, this can place persistent data in unintended locations, increasing the risk of data exposure, cross-component interference, or tampering.

Context-Inappropriate Capability

High

Confidence: 98% confidence
Finding: The utility layer performs remote login/account creation against a health-domain API and provisions tokens automatically using a username/openId, which is unrelated to plant respiration analysis. This creates hidden external identity handling, transmits user identifiers to third-party services, and can silently create or link accounts without informed user consent.

Context-Inappropriate Capability

Medium

Confidence: 96% confidence
Finding: The code returns recharge/payment workflow instructions when an HTTP 402 condition occurs, even though billing/payment behavior is unrelated to a plant respiration analysis utility. This indicates hidden coupling to monetization flows and can steer users into installing additional skills or interacting with unrelated services they did not request.

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The history-report trigger phrases are broad enough to activate on common user requests, which can cause the skill to query cloud report data when the user did not clearly intend that action. In a skill that uses account-linked identifiers and remote report retrieval, ambiguous triggering increases the risk of unintended data access and privacy violations.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: Automatically saving uploaded files to local storage without an upfront notice or consent creates unnecessary data retention risk. Thermal imagery and related uploads may reveal proprietary crop conditions, facility layouts, timestamps, or operational practices, and local persistence broadens the exposure window if the host is shared or compromised.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill instructs cloud API queries for historical reports without clearly warning users that identifiers and report metadata may be transmitted to a remote service. This is risky because report histories can reveal operational schedules, crop health trends, and user identity linkage, all of which may be sensitive in controlled agriculture settings.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: Requiring users to provide a username or phone number as open-id, without a clear warning about sensitive identifier handling, creates avoidable privacy and security risk. Phone numbers are high-value personal identifiers, and tying them to analysis records can enable tracking, correlation of activity, and potential disclosure if logs or backend data are exposed.

Missing User Warnings

Medium

Confidence: 86% confidence
Finding: The API accepts uploaded videos or public video URLs for analysis without any warning about privacy implications, despite the documented analysis including face detection and health-related outputs. This omission is risky because users may unknowingly transmit sensitive biometric or medical-adjacent data to a remote service without informed consent, retention limits, or handling guidance.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill reads the full contents of a local file and submits them to an external analysis service without any visible consent, warning, or disclosure in this code path. That is dangerous because users may provide local files under the assumption of local-only processing, resulting in unintended exfiltration of potentially sensitive media.

Missing User Warnings

Low

Confidence: 88% confidence
Finding: The skill forwards user-supplied remote URLs to the analysis service without warning the user that external network resources will be accessed or that the URL itself will be submitted onward. This can expose internal or sensitive URLs and creates ambiguity about whether the backend will fetch untrusted resources, broadening the attack surface.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The request helper injects identifiers and credentials such as pnaUserName, X-Access-Token, X-Api-Key, and Authorization into outbound requests without any non-debug disclosure to the user. In a skill ostensibly about plant monitoring, silently transmitting identity and token material to external services is a privacy and trust violation and increases the blast radius if endpoints or logs are compromised.

Static analysis

Install untrusted source

Warn

Finding: Install source points to URL shortener or raw IP.

Dep not found on registry

Critical

Finding: 1 package(s) referenced in dependency files do not exist on their public registries: yaml (pypi)

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal