Back to skill

Security audit

谛观·解卦 | Hexagram Interpreter

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a legitimate hexagram interpretation tool, but it asks agents to persist sensitive user feedback and preferences without clear consent, retention, or deletion controls.

Review this skill before installing if you may discuss personal, relationship, health, financial, or work decisions. Use it only if you are comfortable with its feedback and memory behavior, avoid sharing identifying details in feedback, and prefer disabling or removing the local feedback and global MEMORY.md steps unless you explicitly want persistent personalization.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (15)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The README presents the skill as an installable local/OpenClaw capability, but later discloses that its core algorithmic behavior depends on a remote API. This creates a transparency and trust-boundary issue: users and host agents may assume processing is local while sensitive prompts or derived metadata are actually sent off-platform, which can affect privacy, security review scope, and operational reliability.

Context-Inappropriate Capability

Low
Confidence
88% confidence
Finding
The feedback section states that user-provided examples and contextual information will be used to improve training/algorithms, which goes beyond the stated divination/interpretation purpose. This is a data-use expansion risk because users may disclose sensitive personal situations in queries and not expect those details to be repurposed for model improvement.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The skill presents itself as a non-deterministic interpretation assistant, but it also collects and persists user feedback for ongoing optimization. That expands the function from transient inference into data collection and model-behavior shaping, which materially changes the trust and privacy posture users would reasonably expect.

Description-Behavior Mismatch

Medium
Confidence
86% confidence
Finding
The workflow includes prompt optimization based on accumulated user feedback, which goes beyond the stated purpose of merely expanding symbolic possibilities. This hidden secondary use can mislead users about how their interactions are reused and can cause cross-session behavioral drift without informed consent.

Context-Inappropriate Capability

High
Confidence
95% confidence
Finding
The skill writes user preferences and corrections into a persistent global workspace memory unrelated to the narrow task of one-off hexagram interpretation. Persistent shared memory can expose one user’s sensitive context, beliefs, relationship issues, or decision patterns to later sessions or other skills if isolation is weak.

Context-Inappropriate Capability

Medium
Confidence
78% confidence
Finding
Directing users to external GitHub links introduces an external disclosure path that is not part of the skill’s core interpretation function. Users may be encouraged to submit sensitive personal scenarios to a public or third-party service without understanding the privacy implications.

Vague Triggers

Medium
Confidence
86% confidence
Finding
Trigger phrases such as '分析这事' and '推演一下' are broad everyday language that can match ordinary conversation unrelated to intentional skill use. Unintended activation can cause the wrong skill to take over a conversation, potentially sending user content into divination logic or related remote services without meaningful user intent.

Vague Triggers

Medium
Confidence
84% confidence
Finding
English triggers like 'divination' and especially 'symbolic deduction' are generic and lack scope constraints, making accidental routing more likely in multilingual or general reasoning contexts. This increases the chance that benign analytical queries are interpreted as a request to invoke the skill, with possible privacy, UX, and policy side effects.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The trigger list contains broad natural-language phrases such as '分析这事' and generic divination terms that can cause unintended activation in unrelated conversations. Accidental invocation matters more here because the skill also performs persistence and feedback collection behaviors, increasing the chance of collecting data from users who did not intend to use it.

Missing User Warnings

High
Confidence
93% confidence
Finding
The skill instructs storing user feedback and preferences but does not provide a clear privacy warning at the point of collection. Because users may discuss sensitive topics like relationships, health, finance, or career decisions, undisclosed persistence creates a meaningful privacy and trust risk.

Missing User Warnings

High
Confidence
96% confidence
Finding
Writing preference data to a global workspace memory without clearly warning about persistence scope is especially risky because 'global workspace' implies broader availability than a single conversation. Sensitive personal preferences or corrections can persist invisibly and influence later interactions or become accessible outside the user’s expectations.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger list contains broad, everyday phrases such as '分析这事' and '推演一下' that can match ordinary user requests unrelated to divination, causing unintended invocation of this skill. In this context, accidental activation is especially concerning because the skill produces symbolic/divinatory guidance, which could unexpectedly influence user decisions in situations where they did not explicitly request that mode of analysis.

Ssd 3

Medium
Confidence
92% confidence
Finding
The changelog describes persistent storage of user feedback and preferences across conversations in local files such as `feedback/local_feedback.jsonl` and `MEMORY.md`, without any mention of consent, minimization, retention limits, access controls, or redaction of sensitive content. In a divination/advice skill, users may share highly sensitive personal, relationship, health, or financial details, so cross-session persistence meaningfully increases privacy and data handling risk.

Ssd 3

Medium
Confidence
94% confidence
Finding
Persistent storage of feedback and preferences in global memory can leak sensitive user-provided information across sessions, especially in a skill centered on intimate life questions. Even if the intent is personalization, storing contextual examples and validated interpretations can reveal private facts or inferred traits over time.

Ssd 3

Medium
Confidence
90% confidence
Finding
The feedback guidance asks users to submit full inputs, outputs, background, and similar cases, which encourages overcollection of sensitive personal data. Sending rich contextual narratives to an external issue tracker can lead to unnecessary disclosure, re-identification, or public exposure depending on repository settings.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.