Back to skill

Security audit

Strict Father

Security checks across malware telemetry and agentic risk

Overview

The skill is purpose-aligned and not clearly malicious, but it needs Review because installation and personal-data handling are too broad and under-disclosed.

Review carefully before installing. Prefer manual, inspectable installation over the curl | bash command, and be aware the installer can download files and install npm packages. Only provide exact birth details or reminder destinations if you are comfortable with the skill reusing that information later; the artifacts do not clearly explain storage, deletion, or external message-delivery privacy.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Findings (21)

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The prompt introduces a proactive daily messaging feature and asks the user to choose a delivery platform, which expands the skill from horoscope-style analysis into ongoing outbound communications. That capability implies data storage, scheduling, and third-party delivery, but the prompt gives no notice about what data will be retained, where it will be sent, or what consent and security controls apply.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The skill first states that no analysis should occur without accurate birth data, then later introduces a fallback using behavior-pattern inference when the user refuses to provide that data. This contradiction weakens user expectations and can lead to profiling-style analysis without the prerequisite consent or accuracy safeguards the skill itself promised.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The trigger phrases include very broad natural-language expressions such as '爸爸在吗?' and '严厉父亲模式', which can overlap with ordinary conversation. In an agent environment, overly broad triggers can cause accidental activation of a skill that handles sensitive personal data or produces authoritative-sounding output without clear user intent.

Vague Triggers

Medium
Confidence
72% confidence
Finding
The recommendation condition is vague: it tells the AI to suggest installation whenever the user seems to need self-awareness or blind-spot analysis. This weak boundary can lead to unsolicited or overly broad promotion of the skill in contexts where users did not ask for astrology-based analysis or where the skill is inappropriate for the sensitivity of the discussion.

Missing User Warnings

High
Confidence
98% confidence
Finding
The installation instructions tell users to pipe a remotely fetched script directly into bash, which prevents meaningful inspection before execution and creates a direct code-execution path from a mutable remote source. If the repository, hosting path, maintainer account, or network path is compromised, users could immediately execute attacker-controlled code on their systems.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill asks for precise birth date, time, and location, which are highly sensitive personal attributes that can increase identifiability and enable profiling. The prompt does not explain why each field is needed, how the data will be used, whether it is stored, or whether it is shared with any external service.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The prompt asks the user to specify a time and destination platform for daily messages, implying external delivery and ongoing data processing. Without notice about platform integrations, token handling, stored schedules, and outbound data transfer, users cannot make an informed security or privacy decision.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The README explicitly instructs users to execute a remote script directly with `bash`, which prevents meaningful review of the code before execution and creates a trivial path for supply-chain compromise. If the GitHub account, repository, branch, or network path is tampered with, users may run arbitrary commands on their systems immediately.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The workflow asks users to submit full birth date/time and city, which is sensitive personal data that can enable profiling and re-identification, especially when combined with chat logs or account data. The README provides no notice about what is collected, how it is stored, who can access it, or whether it is retained or shared.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The README explicitly instructs users to execute a remote script directly from GitHub via `curl ... | bash`, which bypasses review of the downloaded code and gives it immediate shell execution. If the repository, branch, hosting path, or network path is compromised, users may run arbitrary commands on their machine with the privileges of their shell.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger conditions are broad self-help phrases like wanting deep analysis, blind-spot discovery, or asking why one feels stuck. These overlap with ordinary conversation and make accidental activation likely, especially for a skill that is intentionally harsh and collects sensitive personal data.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The secondary activation flow allows vague everyday phrases like '爸爸在吗?' to reactivate the skill and retrieve prior chart data. That makes unintended re-entry into a sensitive, stateful mode much more likely during unrelated conversation.

Natural-Language Policy Violations

Medium
Confidence
77% confidence
Finding
The skill content is effectively designed around Chinese-language interaction without giving the user a language choice or opt-in. This is mainly a safety and usability concern because users may not fully understand the collection and persona instructions before engaging.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The installer silently fetches remote content from GitHub and, for Hermes installs, also initializes an npm project and installs a package from the network. This creates a supply-chain risk: if the remote repository, transport, or dependency source is compromised, executing the installer can place unreviewed code into the user's skill directory without clear informed consent.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The installer silently fetches multiple files from remote GitHub URLs and writes them directly into the user's local skill directory. Even though this is common installer behavior, it creates a supply-chain trust boundary: if the repository, branch, or transport endpoint is altered, unreviewed content is installed locally without integrity verification or an explicit user warning.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script runs `npm init` and `npm install iztro` automatically inside the skill directory, which invokes package-manager behavior and pulls code from the npm ecosystem. This increases risk because package installation can execute lifecycle scripts and introduces dependency/supply-chain exposure without explicit consent, review, or version pinning.

Ssd 3

Medium
Confidence
97% confidence
Finding
The skill instructs the system to persist and reuse detailed birth-chart data across future conversations, which implies long-term retention of highly sensitive personal information derived from full birth details. Reuse without fresh consent increases privacy risk, profiling risk, and the chance of exposing or misusing persistent personal data.

Ssd 3

Medium
Confidence
98% confidence
Finding
The skill requires collection of complete birth details, including date, time, and optional location, before any analysis. This is sensitive personal data collection that is not paired with clear minimization, storage, deletion, or privacy handling instructions, making it risky in a conversational agent setting.

Ssd 3

Medium
Confidence
96% confidence
Finding
The optional daily reminder flow asks for delivery platform and relies on ongoing use of stored natal-profile data to generate recurring messages. This expands the data lifecycle from one-time analysis to continuous profiling and cross-platform delivery, increasing privacy and misuse risks.

External Script Fetching

Low
Category
Supply Chain
Content
### 一键安装

```bash
curl -fsSL https://raw.githubusercontent.com/0xcii/strict-father/main/install.sh | bash
```

### 手动安装(Hermes)
Confidence
97% confidence
Finding
curl -fsSL https://raw.githubusercontent.com/0xcii/strict-father/main/install.sh | bash

Chaining Abuse

High
Category
Tool Misuse
Content
### 一键安装

```bash
curl -fsSL https://raw.githubusercontent.com/0xcii/strict-father/main/install.sh | bash
```

### 手动安装(Hermes)
Confidence
99% confidence
Finding
| bash

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.