Back to skill

Security audit

命理大师

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local fortune-telling skill with sensitive local profile storage, opt-in push, and optional LLM use, so it is not risk-free but its behavior is broadly purpose-aligned.

Install only if you are comfortable storing birth details, locations, and optional family information on the local machine. Prefer text descriptions over face or hand photos, avoid assessing other people unless they clearly consent, use a limited API key for the optional LLM feature, and avoid running profile commands with --full or sensitive save values in shared terminals or CI logs. Use profile.js delete --purge if you need physical deletion rather than the default soft delete.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence
85% confidence
Finding
The skill restricts face-photo intake to the user themself and forbids third-party/public-figure images, but elsewhere presents '面相 / 观人' as a general capability, which can normalize judging or profiling other people. That inconsistency can lead agents to solicit or analyze third-party biometric or appearance data despite the earlier privacy safeguards, increasing privacy and sensitive-attribute inference risk.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The update path prints the raw field value to stdout after saving, which can leak highly sensitive personal data into terminal scrollback, shell history capture, CI logs, or remote session recordings. In this script's context, the data includes birth details, bazi, and family-member information, making accidental disclosure materially harmful.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.