ClawHub

Tarot Master

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only tarot assistant, but its comment-reply guidance pushes users toward private, possibly paid conversations without clear privacy or consent boundaries.

Install only if you are comfortable manually reviewing its social-media replies. Avoid using the DM and paid-follow-up wording as written; add clear privacy limits, do not request sensitive personal details, and be transparent about any paid services before moving conversations private.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The file explicitly says not to charge in public comments, then immediately instructs operators to move monetization to private messages. That is still monetization guidance, just displaced to a less visible channel, and it creates pressure to collect sensitive personal context in DMs without safeguards. In a divination/relationship advice skill, users may disclose emotional or intimate details, increasing the risk of manipulative upselling.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger description is very broad, matching generic tarot/divination/content requests and even social media comment handling. Overbroad routing can cause the wrong skill to activate for loosely related requests, leading to unintended behavior, policy bypass in downstream handling, or poor containment of the skill’s domain.

Natural-Language Policy Violations

Medium
Confidence
87% confidence
Finding
Forcing output primarily in Chinese without checking user preference can create language-mismatch failures and reduce user comprehension of advice or disclosures. In a multi-skill system, this can also interfere with consistent UX and cause the agent to ignore the user’s chosen language context.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The '求详细/私信' section uses vague prompts like '能帮我详细看看吗' and immediately steers users into deeper engagement or DMs. Without clear boundaries, ordinary requests for clarification may trigger collection of personal relationship, career, or emotional details, expanding the skill's reach beyond casual tarot commentary into more sensitive advisory interactions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill encourages users to move to private messages and even asks them to provide specific details so the reading can be 'more accurate,' but gives no privacy warning, data-minimization guidance, or caution against sharing sensitive information. In this context, users may disclose intimate relationship issues, mental state, finances, or other personal data under emotional vulnerability, creating privacy and manipulation risks.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal