Security audit

Ming

Security checks across malware telemetry and agentic risk

Overview

This skill is a local Chinese metaphysics reference tool with disclosed entertainment-only limits and no evidence of hidden data access, network use, persistence, or destructive behavior.

Install only if you want cultural or entertainment-style Chinese metaphysics analysis. Do not treat its outputs as professional advice for health, legal, financial, career, marriage, or other major decisions, and avoid sharing more birth-date or name information than needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Output Handling: Unvalidated Output Injection, Cross-Context Output, Unbounded Output
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Tp4

High
Category: MCP Tool Poisoning
Confidence: 97%
Finding:
Most of the code matches the declared description: it computes BaZi pillars, analyzes Five Elements, performs zodiac matching, and analyzes Chinese names. However, the repository also contains a separate verify.py script that performs software release verification by reading local metadata files and spawning subprocesses to test outputs. That behavior is not mentioned in the declared purpose and is unrelated to the stated cultural/entertainment metaphysics tool functionality. Because the evaluation rules say to flag any undeclared capability, this should be marked as a mismatch, even though the main user-facing functionality is accurately described.

Vague Triggers

Low
Confidence: 85%
Finding:
The package description is broad and does not clearly constrain when the skill should activate, which can cause the agent to invoke it for loosely related requests. In a skill handling fortune-telling, name analysis, and auspicious-date topics, vague scope increases the chance of over-triggering into sensitive or misleading advice domains, even if no direct code-execution risk is present.

Unvalidated Output Injection

High
Category: Output Handling
Content:
def run_json(args):
    result = subprocess.run(
        [sys.executable, *args],
        cwd=ROOT,
        text=True,
Confidence: 95%
Finding:
subprocess.run( [sys.executable, *args], cwd=ROOT, text=True, capture_output

VirusTotal

56/56 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.