Qimen Dunjia — 奇门遁甲

Security checks across malware telemetry and agentic risk

Overview

This is a local markdown-only Qimen Dunjia divination skill with disclosed optional preference memory and no code execution, network use, or credential access.

Safe to install if you are comfortable with a Chinese-language divination assistant. Treat outputs as reflection or entertainment, not professional advice, and do not save sensitive life, relationship, financial, medical, or legal details in MEMORY.md unless you intentionally want them reused.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill instructs the agent to read and persist user preferences in MEMORY.md without any explicit consent flow, retention limits, or privacy notice near the storage behavior. This can cause unintended collection and reuse of sensitive preference data across sessions, especially in a fortune-telling context where users may disclose personal beliefs, plans, or life concerns.

VirusTotal

63/63 vendors flagged this skill as clean.
