ClawHub

Zodiac Horoscope

Security checks across malware telemetry and agentic risk

Overview

This horoscope skill is mostly coherent, but it allows an agent to retrieve an email verification code from the user's mailbox during setup, which crosses a sensitive account boundary.

Review before installing. Use manual email verification instead of letting an agent access your inbox, and only proceed if you are comfortable sharing your email, birth date, and birth city with the third-party horoscope service. Store the API key securely and delete any temporary cookie file after setup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill explicitly authorizes automatic retrieval of a user's email verification code if the agent has mailbox access, which exceeds what is necessary for a horoscope feature and expands access into a separate sensitive account boundary. Even if framed as convenience, this enables the agent to access authentication material from a private mailbox without a narrowly scoped, explicit mailbox-access consent flow.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger list includes broad phrases such as planning and everyday guidance language that could cause the skill to activate in contexts beyond explicit astrology requests. Because this skill collects sensitive PII and may initiate account-registration flows, unintended invocation increases the chance of unnecessary data collection or confusing users into sharing personal information.

Natural-Language Policy Violations

High
Confidence
97% confidence
Finding
Allowing the agent to automatically retrieve a user's email verification code from their mailbox, without explicit opt-in for mailbox access, is a direct authentication-boundary violation. This grants the skill a path to act on a second sensitive system and could normalize unauthorized access to inbox contents under the guise of account setup.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal