梅花易数技能

Security checks across malware telemetry and agentic risk

Overview

This is a local divination tool with optional local saving of readings, and no evidence of network access, credential use, destructive actions, or hidden automatic persistence.

Install only if you are comfortable with optional local recordkeeping. Avoid using --save for sensitive health, legal, financial, relationship, or personal questions unless you are comfortable with those readings being stored locally; review or delete the generated guali directory when you no longer need saved readings.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 84% confidence
Finding: The skill advertises executable functionality that appears to read and write local files, but the manifest does not declare any permissions or clearly disclose that storage behavior. Hidden or undocumented filesystem access weakens the trust boundary for users and host platforms, because a seemingly simple divination skill may persist user queries, history, or generated outputs without explicit consent.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 93% confidence
Finding: There is a meaningful mismatch between the declared purpose and the broader behavior detected, including saving records locally, maintaining indexes, browsing/searching history, and performing additional analysis modes not clearly disclosed. This is dangerous because users and reviewers may grant trust based on a narrow stated purpose while the skill actually accumulates persistent data and exposes a larger attack surface through undocumented capabilities.

Description-Behavior Mismatch

Medium

Confidence: 95% confidence
Finding: The skill’s stated purpose is divination/charting, but it also writes full divination results and an index to disk. Because queries may contain sensitive personal topics such as health, marriage, litigation, or finances, undeclared persistence creates a privacy and data-retention risk, especially on shared machines or multi-skill environments.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill stores divination history locally without an explicit user warning, even though prompts can reveal sensitive personal concerns. Silent persistence increases the chance of privacy leakage through local file inspection, backups, sync tools, or shared accounts, and the question text is also incorporated into filenames and indexes.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal