Security audit

Iching Divination

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly aligned with I Ching divination, but it quietly sends personal questions to an external AI service using an embedded API key and is scoped broadly for sensitive life and money decisions.

Review this carefully before installing. Avoid entering private relationship, financial, career, health, or identifying details unless you are comfortable with them being sent to the external AI endpoint. The publisher should remove and rotate the embedded key, require user-provided credentials or a safer provider setup, disclose third-party transmission clearly, narrow activation to explicit divination requests, and reduce unused tool permissions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (6)

Context-Inappropriate Capability

Medium

Confidence: 93% confidence
Finding: This is a lightweight divination/reference skill, yet it is granted Bash, Write, and WebFetch capabilities without any documented need for shell execution, file modification, or live network calls. Excessive capabilities enlarge the attack surface: if the skill is ever prompt-injected or misused, those tools could be used to fetch remote payloads, write files, or execute commands unrelated to divination.

Context-Inappropriate Capability

High

Confidence: 99% confidence
Finding: A live-looking API credential is embedded directly in source as the default value for MINIMAX_KEY. Anyone with code access can extract and abuse the key for unauthorized API usage, billing fraud, or impersonation of the application to the third-party service.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger conditions are very broad, covering common requests about business, career, relationships, money, and general advice. That makes accidental invocation more likely in ordinary high-stakes conversations, causing users to receive divination-style guidance where grounded, safety-aware advice would be more appropriate.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: Although the footer says divination is only a reference, the main description and trigger conditions position the skill for entrepreneurship, investment, career, and relationship decisions without a prominent upfront warning. In context, this increases the chance users will treat speculative outputs as actionable advice in high-impact personal or financial situations.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The user's question is inserted into the prompt and transmitted to a remote AI service, but the skill does not present an explicit user-facing notice or consent mechanism at the point where data leaves the system. In this skill's context, users may submit highly personal content about relationships, career, finances, or health-like concerns, making quiet third-party transmission more privacy-sensitive.

Missing User Warnings

High

Confidence: 99% confidence
Finding: The code embeds a sensitive API key as a default configuration value, which exposes a credential to anyone who can read the file or its distribution artifacts. This is dangerous because it enables unauthorized use of the external service and can create financial, operational, and trust impacts for the owner.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal