AI Fortune Teller

Security checks across malware telemetry and agentic risk

Overview

This fortune-telling skill mostly does what it claims, but its helper scripts handle personal birth details and API credentials with broader access than the metadata and privacy disclosures make clear.

Review before installing. Treat this as an entertainment skill that may send names, birth details, questions, and generated prompts to MiniMax. Only run the helper scripts if you are comfortable with them reading your Clawd environment file, verify MINIMAX_API_HOST points to the intended MiniMax endpoint, and delete generated /tmp JSON files if you do not want local reading records retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (10)

Tainted flow: 'req' from os.environ.get (line 35, credential/environment) → urllib.request.urlopen (network output)

Critical
Category
Data Flow
Content
)
    
    try:
        with urllib.request.urlopen(req, timeout=60) as response:
            result = json.loads(response.read().decode('utf-8'))
            if result.get('base_resp', {}).get('status_code') == 0:
                return result
Confidence
96% confidence
Finding
with urllib.request.urlopen(req, timeout=60) as response:

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill declares no required permissions, yet the content indicates capabilities involving external API use, local JSON storage, and image generation workflows that imply network and file-write behavior. This creates a transparency and consent problem: hosts and users may believe the skill is low-privilege when it can transmit data externally and persist data locally.

Tp4

High
Category
MCP Tool Poisoning
Confidence
90% confidence
Finding
The declared purpose centers on fortune-telling, but the documented behavior expands into external image generation and local result storage without clearly surfacing those behaviors in the core description. This mismatch can mislead users and reviewers about the skill's actual data flows and attack surface, especially when personal data is used to generate portraits or other derived artifacts.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The script reads and exports variables from a user-wide ~/.clawd/.env file even though this skill’s stated purpose is fortune telling. That gives the skill access to host-level secrets outside its own scope and can unintentionally expose unrelated credentials to the process and any subprocesses it launches.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The README instructs users to provide highly sensitive personal data such as full name, sex, birthplace, full birth date, and birth time, while explicitly stating the skill relies on external MiniMax text and image APIs. There is no clear warning that this information may be transmitted to third-party services, no privacy notice, and no data-minimization guidance, which creates a real privacy and compliance risk.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill solicits highly sensitive personal data such as name, sex, birthplace, and full birth date/time, and explicitly states that user chart data is stored in local JSON. Birth data combined with identity details is sensitive personal information, and collecting and storing it without a clear privacy notice, retention policy, and consent mechanism exposes users to privacy harm and potential misuse.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill documents use of external AI services and image generation but does not clearly warn users that their prompts and personal birth data may be transmitted to third-party providers. In this context, submitted data can include uniquely identifying and intimate personal details, so undisclosed sharing materially increases privacy and compliance risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The example prompts explicitly collect identifiable personal data including name, gender, birthplace, full birth date, and birth time, which are sensitive in combination, yet they are presented without any privacy notice or minimization guidance. In a fortune-telling skill, users may be especially inclined to disclose intimate details, increasing the likelihood of oversharing and downstream privacy misuse if the data is logged, retained, or reused.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The tarot and fortune examples give actionable life-direction advice such as whether to continue in a stressful job or delay a job change, but they do not warn that the outputs are for entertainment or reflection only and should not be relied on for consequential decisions. This is risky because users may defer important employment, financial, relationship, or health choices to unverifiable guidance presented in an authoritative format.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script sends sensitive personal data such as name, gender, birthplace, birth date, and birth hour to an external API, but the user only sees a generic progress message. In this skill context, those details are central to the service yet still constitute personal data, so transmitting them without clear notice and consent creates a privacy and compliance risk.

VirusTotal

65/65 vendors flagged this skill as clean.
