Security audit

灵犀六爻

Security checks across malware telemetry and agentic risk

Overview

This skill performs the stated divination workflow, with disclosed local history saving and optional OpenAI-based interpretation.

Before installing, understand that normal runs save your question and reading locally to the default history file unless you choose another path. Only use --llm if you are comfortable sending the question and generated reading context to OpenAI with your API key.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 88%
Finding:
The skill declares no permissions, yet its documented behavior includes reading environment variables and reading/writing local files for API keys and history storage. This creates a transparency and consent gap: users or the host may not realize the skill can access secrets and persist data, which can lead to unintended exposure of sensitive information or unauthorized local state changes.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 94%
Finding:
The skill description presents itself as a local divination workflow, but the documented implementation can optionally call an external OpenAI service using an API key from the environment. This mismatch is dangerous because users may disclose sensitive personal questions under the assumption processing is local, when in fact data may be transmitted to a third party.

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding:
The optional LLM mode transmits the user's divination question plus generated reading context to an external OpenAI API. This is a real data exposure issue because the manifest/description presents a local divination tool and does not disclose third-party transmission, so users may reveal sensitive personal, financial, health, or relationship details without informed consent.

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding:
The code conditionally loads environment-based OpenAI credentials and invokes a remote model service, which expands the skill's trust boundary beyond what its stated purpose suggests. Even if optional, this introduces undisclosed network access and potential leakage of sensitive prompts to a third party.

Missing User Warnings

Medium
Confidence: 96%
Finding:
The skill automatically writes the user's question, divination output, trace details, and other derived metadata to a persistent history file without warning or opt-in. Because divination questions are often intimate and may include health, money, legal, or relationship concerns, silent persistence creates a meaningful privacy risk, especially on shared machines or synced workspaces.

Missing User Warnings

Medium
Confidence: 94%
Finding:
When LLM advice is enabled, the user's question and divination judgment are sent to an external API without an explicit runtime warning about off-device transmission. In this skill context, users may assume confidentiality because the tool appears personal and introspective, which makes undisclosed sharing more dangerous.

VirusTotal

67/67 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.