Back to skill

Security audit

bazi-fortune-analysis

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only BaZi astrology skill whose personal-data requests fit its stated purpose, with privacy caution needed before use.

Install only if you are comfortable sharing birth details for an astrology reading. Use approximate or limited details where possible, and treat health, finance, relationship, and life advice as cultural or entertainment guidance rather than professional advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill explicitly asks for full birth date, time, birthplace, and sex, which are sensitive personal attributes and can increase privacy and profiling risk if collected without a clear warning, minimization guidance, or handling policy. In this context, the data is central to the astrology workflow, so the collection is functionally relevant rather than malicious, but the absence of privacy notice and safer collection boundaries still makes it a real privacy weakness.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.