Back to skill

Security audit

Yunshi

Security checks across malware telemetry and agentic risk

Overview

This is a local Chinese astrology skill that handles sensitive birth/profile data and optional daily push, but the sensitive flows are disclosed and no hidden upload, credential use, or destructive behavior was found.

Install only if you are comfortable storing exact birth details and optional family-member details in local MEMORY.md and receiving scheduled horoscope pushes. Treat relationship, health, finance, and legal fortune output as entertainment or cultural interpretation, not decision-making advice, and delete the yunshi profile block from MEMORY.md or run the push-off command when you no longer want it retained or delivered.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Intent-Code Divergence

Medium
Confidence
89% confidence
Finding
The skill instructs the agent to read and update `MEMORY.md` with highly sensitive personal data including birth date, time, place, family-member details, and push settings. Even if the scripts themselves do not write files, the overall workflow normalizes persistent storage of sensitive user data in a general-purpose memory file, increasing the risk of over-retention, unintended reuse across contexts, and accidental disclosure.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger list includes broad, natural-language phrases such as "my horoscope" and "daily horoscope" that are likely to appear in ordinary conversation, increasing the chance of accidental or over-broad invocation. In an agent skill context, unintended activation can cause the skill to process sensitive birth/profile data or produce actions the user did not explicitly request.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The registration flow requests highly sensitive personal data—including full birth date, exact birth time, birthplace, and name—before presenting any privacy notice or obtaining meaningful consent. In this skill's context, those details are especially sensitive because they are the core profiling inputs and can also be used to infer identity, making premature collection risky if users are not informed about retention, use, and deletion terms first.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script generates a persuasive marriage-compatibility report with scores, grades, and advice about whether users should proceed with marriage, but it provides no disclaimer that the output is entertainment, culturally interpretive, or non-deterministic. In the context of relationship and marriage decisions, users may over-trust the output and make sensitive life choices based on unsupported analysis, creating meaningful risk of psychological or decision-making harm.

Unpinned Dependencies

Low
Category
Supply Chain
Content
"docs": "docs"
  },
  "dependencies": {
    "iztro": "^2.5.8"
  }
}
Confidence
88% confidence
Finding
"iztro": "^2.5.8"

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.