Back to skill

Security audit

vinci-tarot

Security checks across malware telemetry and agentic risk

Overview

This tarot skill’s code execution, image generation, local file writes, and card-art network requests are disclosed and aligned with its tarot-reading purpose.

Install only if you are comfortable with the skill running local Python, writing generated image/cache files, and making outbound requests for tarot card art. To reduce network exposure, provide a local card image directory and run the skill with normal user permissions, not administrator privileges; do not feed untrusted custom reading JSON into the image generator.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
82% confidence
Finding
The script automatically downloads external assets on first run, which introduces undeclared network behavior and dependency on remote content. In a skill whose stated purpose is tarot reading, this creates unnecessary supply-chain and privacy risk because execution can trigger remote retrieval without explicit user consent.

Context-Inappropriate Capability

High
Confidence
75% confidence
Finding
Launching a helper subprocess to fetch assets is not inherently malicious, but it gives the skill an additional execution pathway beyond simple image composition. That increases operational and review risk, especially because the subprocess performs network-driven content acquisition not essential to core tarot interpretation.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The script performs outbound HTTP requests to URLs derived from reading data or fallback logic, allowing remote content retrieval during normal operation. Even if intended for card images, this can leak usage metadata, create SSRF-style access to unexpected hosts if input is attacker-controlled, and expose the process to malicious image payloads from untrusted sources.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.