Zhouyi Divination

Security checks across malware telemetry and agentic risk

Overview

This divination skill is instruction-only and mostly purpose-aligned, but it automatically reads personal birth-chart files and saves every consultation to an iCloud-synced folder without a separate user choice.

Install only if you are comfortable with the agent reading the specified local birth-chart/profile files and automatically saving every reading, including your question and the full analysis, into iCloud. For sensitive topics, edit the skill first so file reads require confirmation, saving is opt-in, and the storage location is user-selected or non-synced.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The skill's stated purpose is divination/analysis, but it also mandates automatic persistence of every consultation to an iCloud archive. This creates unnecessary data exfiltration/retention behavior beyond what a user would reasonably expect from the manifest, especially because consultations may contain sensitive personal, emotional, or relationship information.

Context-Inappropriate Capability

High
Confidence: 98%
Finding
The skill instructs writing detailed divination records into a personal iCloud Documents path, which is not necessary to answer the user's question and is not transparently disclosed in the manifest. Because iCloud is synchronized storage, this can propagate sensitive consultation data across devices and create long-lived copies that are hard for users to detect or delete.

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
The skill requires reading birthday information from USER.md and a local personal profile file containing birth-chart data, despite the manifest presenting only divination behavior. This is a privacy-relevant hidden data access pattern: it reaches into local files containing sensitive personal data without clear upfront disclosure or a demonstrated need to access a fixed filesystem path automatically.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill mandates automatic archival of every divination result to iCloud without a clear warning, consent step, or privacy notice. Users asking for analysis would not reasonably expect silent cloud-backed storage of intimate questions and conclusions, making this a significant privacy and transparency failure.

Ssd 3

High
Confidence: 99%
Finding
The skill explicitly requires automatic archival of each session to an iCloud directory without user request or consent. This establishes a standing data-retention mechanism for potentially sensitive personal disclosures, increasing risk of privacy harm, unauthorized access through synced devices, and accidental long-term retention.

Ssd 3

High
Confidence: 99%
Finding
The archival instructions require storing detailed natural-language session contents, including the user's question and consultation conclusions. Because divination prompts often involve relationships, health, finances, or other intimate topics, this creates a high-risk corpus of sensitive personal data that can persist indefinitely and be exposed through cloud sync, backups, or shared-device access.

VirusTotal

65/65 vendors flagged this skill as clean.
