Ziwei Doushu

Security checks across malware telemetry and agentic risk

Overview

This is a coherent offline Ziwei Doushu report generator with disclosed local script execution and optional chart file output.

Install only if you are comfortable running a local astrology calculation script and sharing birth details with the local tool. Use trusted sources for dependencies, choose chart output paths deliberately because exports can create or overwrite files, and treat the reading as interpretive rather than professional advice.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 87% confidence
Finding: The skill advertises shell execution and likely file-writing behavior via the recommended `python scripts/ziwei_chart.py ...` command and optional chart export, but it declares no permissions. This creates a capability/permission mismatch that can cause the agent to run code or write files without explicit user or platform approval, increasing the risk of unintended command execution, unsafe argument handling, or unauthorized file creation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal