Financial Astrology

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed offline astrology-based market commentary skill with trading-style language, but it does not access accounts, credentials, networks, or execute trades.

Install only if you intentionally want astrology-themed market analysis. Do not treat its strategy, stop-loss, risk, natal-chart, or Dasha output as professional or personalized financial advice, and do not connect it to automated trading without a separate review of that automation.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Intent-Code Divergence

Medium

Confidence: 92% confidence
Finding: The documentation creates a policy contradiction: it says the skill must never provide personal financial advice, yet later introduces natal-chart and Dasha analysis using an individual's birth data to predict personal life events. In a trading assistant context, this can nudge the system toward personalized, high-risk financial guidance disguised as astrology, weakening safety boundaries and increasing the chance of tailored financial recommendations.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal