Security audit

tarot-reading

Security checks across malware telemetry and agentic risk

Overview

This is a self-contained tarot-reading skill with some broad activation language, but no evidence of hidden data access, persistence, network use, or destructive behavior.

Install only if you want yes/no, advice, reminder, or lost-item requests to be eligible for tarot-style responses. Treat readings as entertainment and not as medical, legal, financial, safety, or practical decision guidance.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Context-Inappropriate Capability

Medium

Confidence: 94% confidence
Finding: The skill instructs the agent to execute a local Python script via CLI to perform tarot draws, which expands the attack surface from pure prompt behavior to code execution. Even though the stated purpose is random card selection, SKILL.md does not provide constraints, input validation rules, or safer non-execution alternatives, so a downstream system that interpolates user-controlled values into the command could be exposed to command or script-execution risk.

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The trigger description includes broad everyday intents such as seeking advice, reminders, yes/no questions, or looking for lost items, which can cause the skill to activate outside a clearly bounded tarot context. Over-broad invocation increases the chance that unrelated user requests get routed into this skill, causing inappropriate handling, privacy issues, or bypass of better-suited skills and safeguards.

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The skill description advertises very broad activation conditions such as general yes/no questions, advice-seeking, reminders, and finding lost items. In an agent environment, these overlap heavily with ordinary conversation and can cause the tarot skill to be invoked when the user did not explicitly ask for divination, leading to misrouting, unexpected pseudo-advice, and reduced reliability.

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The trigger list includes ambiguous phrases like 'can I', 'will it', 'should I', 'what should I do', and 'where is', which are common in normal user requests unrelated to tarot. This makes accidental invocation likely, and in context that is risky because the skill may answer practical or sensitive questions with entertainment-oriented divination output instead of appropriate task handling.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal