谛观·射覆 | Shefu Hexagram Analysis

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed I Ching hexagram/divination helper with local calculation scripts and reference data, not malware or a hidden data-access tool.

Install only if you want an I Ching/divination workflow available in chat. Treat its outputs as reflective or cultural interpretation, not medical, financial, legal, or life-decision advice, and be aware that some generic Chinese trigger phrases may invoke it unexpectedly.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (11)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger list contains many short, generic phrases such as '预测', '测算', and '起卦' that can appear in ordinary conversation and cause accidental activation. Unintended invocation can route users into a divination workflow they did not request, increasing the chance of confusing responses, context hijacking within the assistant, or policy-inappropriate guidance in unrelated chats.

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger list includes broad, everyday phrases such as '算一算', '猜一猜', '预测', and 'shefu' that can plausibly appear in ordinary conversation, increasing the chance of accidental or context-inappropriate invocation. In a divination skill, unintended activation is more concerning because users may receive quasi-occult or advisory outputs without clearly opting into that mode, which can confuse users and override expected assistant behavior.

Overly Broad Trigger

Low

Category: Trigger Abuse
Confidence: 84% confidence
Finding: '占卦' is short and broadly understandable as 'divination/casting a hexagram,' making accidental or overly eager matching plausible in normal conversation. This can trigger the skill when the user is merely discussing the topic rather than requesting activation.

Overly Broad Trigger

Low

Category: Trigger Abuse
Confidence: 95% confidence
Finding: '测算' is a very broad phrase that can refer to estimation, calculation, or forecasting in many non-divination contexts. Because it overlaps heavily with ordinary speech, it creates a realistic risk of unintended activation and context capture.

Overly Broad Trigger

Low

Category: Trigger Abuse
Confidence: 95% confidence
Finding: '预测' is extremely generic and widely used across finance, weather, analytics, and everyday discussion. A trigger this broad can misfire frequently, causing the assistant to enter an irrelevant skill path and degrade trust or produce inappropriate responses.

Overly Broad Trigger

Low

Category: Trigger Abuse
Confidence: 72% confidence
Finding: '卦脉' is shorter and somewhat specialized, but still compact enough that simple substring matching could activate the skill on references or quotations rather than requests. The risk is lower than generic terms but still stems from insufficient trigger specificity.

Overly Broad Trigger

Low

Category: Trigger Abuse
Confidence: 86% confidence
Finding: '解卦' is a concise action phrase that may appear in discussion, quoting, or comparison without representing a direct request to invoke the skill. If matched naively, it can cause unintended entry into the interpretation workflow.

Overly Broad Trigger

Low

Category: Trigger Abuse
Confidence: 83% confidence
Finding: '问卦' is short and action-oriented, but ambiguous enough to appear in general discussion of divination practices. Without confirmation, it may trigger when the user is not actually requesting skill execution.

Overly Broad Trigger

Low

Category: Trigger Abuse
Confidence: 93% confidence
Finding: '起卦' is a common short phrase within this domain and may appear in explanatory or historical discussion, not only as an invocation. Because the skill has a strong procedural workflow, accidental triggering can quickly redirect the conversation into an unwanted experience.

Overly Broad Trigger

Low

Category: Trigger Abuse
Confidence: 82% confidence
Finding: '摇卦' is short and can be mentioned descriptively rather than as a request. On systems that rely on simple keyword triggers, this creates avoidable accidental activation risk.

Overly Broad Trigger

Low

Category: Trigger Abuse
Confidence: 88% confidence
Finding: '六爻' is a very common category term in Chinese divination discourse and can appear in educational, comparative, or casual mention contexts. A bare trigger this broad can misfire often, especially because users may mention the method without asking to run the skill.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal