Back to skill

Security audit

Nov Tarot

Security checks across malware telemetry and agentic risk

Overview

This tarot skill is mostly aligned with tarot readings, but it quietly stores sensitive session details and pushes the agent into counselor-like emotional support without clear user consent or safeguards.

Install only if you are comfortable with the agent treating tarot as emotional counseling and saving reading details locally in a hidden session file. Before use, require explicit consent for saving session data, ask where reports are written, and avoid sharing crisis, medical, legal, financial, or highly sensitive personal information through this skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The skill explicitly reframes tarot reading as psychological counseling, which expands it beyond its stated purpose and encourages the agent to engage in mental-health-like guidance without appropriate safeguards, scope limits, or consent. In context, users seeking divination may be emotionally vulnerable, so this scope expansion increases the risk of inappropriate advice, overreach, and handling sensitive disclosures in a quasi-therapeutic way.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The skill adds persistent session logging and report generation workflows that go beyond core tarot interpretation and introduce unnecessary collection and retention of user content. Because the logging is designed to happen in the background and be reused later, it creates privacy and data-minimization risks for sensitive questions users may ask during readings.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The skill instructs the agent to store user questions, card data, and interpretation summaries in a hidden session file without a clear necessity tied to the tarot function. This is dangerous because tarot users often share intimate relationship, emotional, or life-planning information, and hidden persistence undermines informed consent and increases privacy exposure.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger is intentionally broad enough to activate whenever tarot cards, spreads, or card names plus questions are mentioned, even if the user did not explicitly request the skill. Over-broad activation can cause the agent to steer ordinary conversation into divination mode unexpectedly, which is especially risky given the skill's encouragement of emotional disclosure and hidden logging.

Ssd 3

Medium
Confidence
95% confidence
Finding
The skill directs the agent to keep hidden per-user logs across turns, preserving questions and interpretation summaries in the background. This creates a confidentiality risk because the content of tarot sessions is often highly personal, and the hidden nature of the storage prevents meaningful user awareness and consent.

Ssd 3

Medium
Confidence
97% confidence
Finding
The instructions explicitly store records in a hidden directory for later report generation, combining sensitive session data retention with opaque handling. In a context that encourages users to share intimate concerns, this hidden persistence materially raises privacy risk and could expose personal data beyond what users reasonably expect from a tarot interaction.

Ssd 4

Medium
Confidence
91% confidence
Finding
The skill explicitly frames the post-reading phase as a moment to leverage established trust so the user may disclose more emotions and personal information. This is dangerous because it intentionally deepens emotional dependency and disclosure in a non-clinical setting, especially after positioning the agent as a quasi-counselor, increasing manipulation and privacy risks for vulnerable users.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.