Back to skill

Security audit

Birth Chart

Security checks across malware telemetry and agentic risk

Overview

This is a coherent birth-chart API skill, but using it means sending personal birth details to an external astrology service.

Install only if you are comfortable sharing a person's name, birth date, birth time, and birth location with the external astrology API provider. Avoid submitting someone else's birth details without consent, and check the provider's privacy and deletion practices if the data is sensitive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly collects highly sensitive personal data including full name, date of birth, time of birth, and location, then transmits it to an external astrology service without any privacy notice, retention policy, consent language, or handling constraints. Even if intended for legitimate chart generation, this combination of identifiers is sensitive and can create privacy, profiling, and compliance risk when users are not clearly informed how their data is used or shared.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.