Back to skill

Security audit

Farming Assistance for Allotments

Security checks across malware telemetry and agentic risk

Overview

This garden helper is mostly purpose-aligned, but it can automatically change its persistent crop knowledge base using unverified model-generated data without first asking the user.

Install only if you are comfortable with the agent modifying local garden memory. Before using it, change or override the unknown-crop flow so unsupported crops require explicit approval of the proposed crop definition before anything is written to the knowledge base.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The skill instructs the agent to create and modify knowledge-base files automatically using the model's own training knowledge when an unknown crop is encountered. That gives the model write authority over persistent local data without explicit user approval, and it relies on unverified generated content, which can corrupt garden state, introduce inaccurate agronomic guidance, or be abused as a pathway for unauthorized file/content changes.

Intent-Code Divergence

High
Confidence
95% confidence
Finding
The skill states that crop knowledge must never be modified unless the user explicitly asks, but later overrides that rule by automatically editing the knowledge base for unknown crops. This contradiction weakens safety boundaries and makes unauthorized state changes more likely because the model is told to bypass the stated consent requirement.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The unknown-crop flow performs persistent KB modification and then retries planting without warning or confirmation. Even if intended as convenience, silent writes reduce user visibility and consent, increasing the chance of incorrect or unwanted records being added to long-lived garden data.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
1. Run `scaffold-kb-crop --plant-id <plant_id> --lifecycle <annual/perennial> --file data/<plant_id>_scaffold.json` to get a template file in the data folder.
2. Read the template file, then rewrite/populate it with accurate botanical and watering details from your training knowledge.
3. Automatically run `add-kb-crop --from-file data/<plant_id>_scaffold.json --json`. (This will also automatically delete the scaffold file from the data folder on success).
4. If `add-kb-crop` returns any validation errors, fix the fields in the file and retry.
5. Once the crop is successfully added to the knowledge base, immediately re-run the original `add-planted-crop` command, but only if the user intended to actually add the crop.
6. Once completed, present the final success message to the user, informing them that the crop was automatically added to the knowledge base and successfully planted.
Confidence
90% confidence
Finding
Automatically run

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
1. Run `scaffold-kb-crop --plant-id <plant_id> --lifecycle <annual/perennial> --file data/<plant_id>_scaffold.json` to get a template file in the data folder.
2. Read the template file, then rewrite/populate it with accurate botanical and watering details from your training knowledge.
3. Automatically run `add-kb-crop --from-file data/<plant_id>_scaffold.json --json`. (This will also automatically delete the scaffold file from the data folder on success).
4. If `add-kb-crop` returns any validation errors, fix the fields in the file and retry.
5. Once the crop is successfully added to the knowledge base, immediately re-run the original `add-planted-crop` command, but only if the user intended to actually add the crop.
6. Once completed, present the final success message to the user, informing them that the crop was automatically added to the knowledge base and successfully planted.
Confidence
90% confidence
Finding
automatically delete

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.