AsianSeeker - Openclaw FortuneTeller

Security checks across malware telemetry and agentic risk

Overview

This horoscope skill uses personal birth details, an astronomy API, local memory, and Telegram scheduling in ways that match its disclosed daily horoscope purpose.

Install only if you are comfortable storing birth details, approximate coordinates, timezone, and Telegram chat ID locally for recurring use. Use limited AstronomyAPI credentials, verify the Telegram destination and delivery schedule during setup, and use the documented remove command when you want the stored profile and daily job deleted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrases such as "my horoscope" and similar natural language are broad and likely to match ordinary conversation, causing unintended activation. In this skill, accidental invocation is more concerning because activation can lead to collection or use of sensitive birth data and Telegram-linked automation.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The on-demand mode description does not define strict activation boundaries and says the flow runs inline, increasing the chance the skill responds during unrelated chat. Because the skill can use persisted personal records and produce automated outputs, ambiguous triggering raises both privacy and operational risk.

Missing User Warnings

High
Confidence
97% confidence
Finding
The setup instructions direct collection and storage of birth date, birth time, birth location, timezone, Telegram chat ID, and derived profile data in persistent memory, but the skill description does not clearly warn the user about this retention. These are sensitive personal data points that can enable profiling, reidentification, and long-term tracking if exposed or misused.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill creates ongoing cron jobs and sends automated Telegram messages, but does not prominently warn users that setup enables recurring external delivery. Without clear notice and confirmation, users may unknowingly authorize persistent actions and outbound messaging tied to their account and personal data.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The template explicitly instructs sending generated horoscope content to a Telegram chat ID, but there is no accompanying requirement to verify consent, confirm the recipient, or disclose that personal data-derived content will be delivered through a third-party messaging platform. Because the horoscope is built from stored birth data and inferred personal profile details, misdelivery or unauthorized delivery could expose sensitive personal information and behavioral profiling data.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The prompt directs the agent to retrieve birth data, Ba-Zi chart details, and a Telegram chat ID from memory, which are personal and potentially sensitive data elements, without any instruction to ensure consent, data minimization, or user-facing privacy notice. This creates a privacy and unauthorized-processing risk because the agent is operationally encouraged to process and combine personal profile data for downstream messaging without visible controls.

Ssd 3

Medium
Confidence
96% confidence
Finding
The skill explicitly instructs the agent to retain sensitive personal data in a persistent memory file for ongoing processing. Persistent storage of birth details, location, timezone, Telegram identifiers, and derived traits increases the blast radius of any compromise and is especially risky because horoscope functionality does not require indefinite retention of full-precision personal data.

VirusTotal

64/64 vendors flagged this skill as clean.
