Plant Vitality Index | Overall Plant Vitality Index (Composite Score)

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This plant-analysis skill is mostly coherent in purpose, but it uploads media and identifiers to a remote service while also mishandling user identifiers, credentials, local token storage, and installation dependencies.

Install only if you are comfortable sending plant images or videos, report history queries, and a user identifier to the Life Emergence/SMYX cloud service. Do not use a phone number as the open-id unless necessary, do not allow API keys to be reused as identifiers, and avoid installation until the dependency is corrected to a real package such as PyYAML and the token storage and consent behavior is clarified.

SkillSpector (8)

By NVIDIA

Vague Triggers

Medium
Confidence
84% confidence
Finding
The default trigger is broad enough to activate on nearly any plant image analysis request, increasing the chance of unintended execution and silent transmission of user files to a remote API. In this skill, that risk is amplified because activation can lead to local file handling, open-id collection, and cloud-side history/report operations.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill tells the agent to save attachments locally, call a cloud API, and query history by open-id, but it does not prominently warn users that their images, videos, and identifiers may be uploaded, stored, and associated with historical records. That omission undermines informed consent and can expose sensitive media or account-linked activity unexpectedly.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
When a local path is supplied, the code reads the entire file and sends its contents to a remote analysis API without any user-facing disclosure, consent check, or destination transparency in this file. That creates a real privacy and data-handling risk: users may provide sensitive local media assuming only local processing, while the skill silently exfiltrates the file to an external service.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script requires `--open-id` and explicitly documents that it may contain highly sensitive identifiers such as a user ID, username, or phone number, but provides no privacy warning, minimization, masking, or safer alternative. Because command-line arguments are commonly exposed via shell history, process listings, logs, and job runners, this can unintentionally leak personal data beyond the intended recipient.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The DAO performs an automatic schema change at initialization by executing a raw ALTER TABLE against sys_user, and elsewhere the class exposes hard-delete capability. Automatic schema mutation on startup is dangerous because it changes persistent state without migration controls, can fail unpredictably across environments, and may corrupt availability or integrity if triggered in the wrong context.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The request helper automatically attaches identifiers and authentication material (`pnaUserName`, `X-Access-Token`, `X-Api-Key`, `Authorization`) to outbound requests and can also auto-register/login a user via `/sys/phoneLogin` without any user-facing notice or consent boundary. In debug mode, HTTP client logging is enabled globally, which materially increases the risk of sensitive token or identifier exposure in logs during transmission.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
When tokens are obtained, the code stores `token` and `openToken` in a local user record via `user_dao.save(...)` without any indication of secure storage, encryption, expiration handling, or user disclosure. Persisting bearer tokens locally expands the attack surface because local compromise, backup leakage, or improper database access can lead to account takeover or API abuse.

Ssd 3

High
Confidence
99% confidence
Finding
The instructions explicitly tell the agent to read a local config file and reuse its api-key as a user's open-id, conflating a secret credential with a user identifier. This is dangerous because it encourages secret exfiltration from local configuration into command-line/API usage, potentially exposing credentials in logs, outputs, process lists, or remote requests.

Static analysis

Install untrusted source

Warn
Finding
Install source points to URL shortener or raw IP.

Dep not found on registry

Critical
Finding
1 package(s) referenced in dependency files do not exist on their public registries: yaml (pypi)

VirusTotal

VirusTotal findings are pending for this skill version.
