Duke of Zhou's Dream Interpretation - 周公解梦

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward dream-interpretation lookup skill that uses a disclosed JisuAPI key and sends only the search query parameters needed for that purpose.

Install only if you are comfortable using a JisuAPI account key and sending dream search keywords to that provider. Avoid putting sensitive personal details into dream queries, and use a dedicated API key you can rotate or revoke.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 82% confidence
Finding: The trigger text uses broad wording such as 'or similar dream questions,' which can cause the skill to activate for loosely related conversations. Overbroad activation increases the chance of unnecessary third-party API calls and unintended disclosure of user prompts to the external provider.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal