ClawHub

Bytesagain Fortune Teller

Security checks across malware telemetry and agentic risk

Overview

This skill is presented as a harmless fortune-telling tool, but the reported runtime behavior includes a broader local data-management utility with persistent logging and export features.

Review this skill carefully before installing. It is not enough to treat it as a fortune-telling toy; assume it may store what you type, keep command history on disk, and allow that stored data to be searched or exported. Avoid entering sensitive personal information unless the publisher clearly documents storage location, retention, deletion, and export behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The skill metadata advertises harmless fortune-telling features, but the analyzed behavior includes persistent storage, history logging, database manipulation, search/export capabilities, and generic utility commands that are unrelated to the declared purpose. This mismatch is dangerous because users may invoke the skill expecting simple entertainment while it silently performs broader data-handling actions, increasing the risk of unintended collection, retention, or exfiltration of local user data.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The skill’s declared purpose is entertainment-oriented fortune telling, but the implementation is a generic persistent data-management CLI that can add, list, search, and export locally stored entries. This mismatch is dangerous because it broadens the capability surface beyond user expectations, enabling covert collection or handling of arbitrary user-supplied data under a misleading description.

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The script self-identifies as a 'Multi-purpose utility tool,' which directly contradicts the manifest’s narrow fortune-teller framing. In a security review, this kind of capability/identity mismatch is a red flag because it suggests the skill may be packaged to appear harmless while exposing broader utility behavior than users or reviewers expect.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script persists user-provided input to data.log and history.log without clearly warning users in the help text or comments that their entries and command activity will be stored on disk. In the context of a fortune-telling skill, users are less likely to expect local logging of potentially sensitive prompts or notes, which increases the privacy risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal