Back to skill

Security audit

AsianSeeker - Openclaw FortuneTeller

Security checks across malware telemetry and agentic risk

Overview

This skill’s sensitive behaviors are real, but they match its disclosed purpose of storing horoscope profile details and sending recurring Telegram horoscopes.

Install only if you are comfortable storing exact birth details, location/timezone, derived chart data, and a Telegram chat ID locally for recurring use. Verify the Telegram destination and schedule during setup, use limited AstronomyAPI credentials, and use the remove command when you want the local profile and daily job deleted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill invokes Python scripts, reads and writes local files, uses environment-backed API credentials, and performs outbound network actions, but no permissions are declared in the manifest. That creates a transparency and governance gap: users and the host system cannot accurately assess or gate the skill's access to sensitive resources such as local memory files, Telegram targets, and API secrets.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The setup flow persists highly sensitive personal data including birth date, birth time, location, timezone, and Telegram chat ID into a local memory file. This creates a durable privacy risk because the data is sufficient to profile a user and may be exposed to other skills, users, backups, or unauthorized local access if storage controls are weak.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
Creating, updating, disabling, and deleting cron jobs gives the skill system-modification capability beyond passive content generation. If misused or triggered unexpectedly, this can create persistence, unwanted automated execution, or message spam, especially because the scheduled payload performs outbound delivery to Telegram.

Context-Inappropriate Capability

Medium
Confidence
84% confidence
Finding
The management flow can delete local memory entries and cron jobs, which means the skill can alter persistent local state and scheduled tasks. Even if intended for cleanup, this broad state-modification ability becomes dangerous if activation is confused, if user identity mapping is weak, or if another component can influence the targeted username or record.

Vague Triggers

Medium
Confidence
81% confidence
Finding
Broad trigger phrases increase the chance of accidental activation during ordinary conversation. In this skill's context, unintended activation is more dangerous than a harmless response because it can lead to collection of personal birth data, setup of persistent automation, file writes, and outbound Telegram actions.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The on-demand phrases like 'my horoscope' and 'horoscope now' are generic enough to overlap with common chat requests, increasing the chance the skill runs when not intended. Because this skill can invoke scripts and potentially touch stored user profiles, accidental execution can expose or act on sensitive state.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill instructs collection and storage of sensitive personal data without any upfront privacy warning, consent language, retention period, or explanation of who can access the file. Given the nature of horoscope data, exact birth details and chat identifiers are especially privacy-sensitive and unnecessary disclosure can have lasting consequences.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill enables automated cron execution and outbound Telegram delivery without an upfront warning that messages will be sent automatically on a schedule. This can surprise users, create spam or privacy leakage to the wrong chat ID, and establish persistence that continues beyond the original interaction.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The template explicitly instructs sending personalized horoscope content to a Telegram chat ID, which is an external third-party messaging channel, without any visible consent, confirmation, or disclosure step. Because the content is built from memory-searched birth data and astrological profile details, this creates a real privacy and unintended data-sharing risk if the wrong chat ID is used or if the user did not clearly opt into external delivery.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.