Security audit

风水大师助手 2.7.0

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it advertises, but it needs review because it handles sensitive images, birth details, API keys, and saved reports with incomplete safeguards.

Review before installing. Use a restricted API key or dedicated config file, avoid submitting private palm, face, home, or exact birth information unless you accept third-party processing, and manually delete generated /tmp/tianji_fengshui* files after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (16)

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The script prints the first 10 characters of sensitive environment variables to the console, which constitutes partial secret disclosure. Even truncated API keys can aid correlation, leak identifying prefixes into logs/CI output, and violate the script's own stated security posture that key printing was removed.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The extractor and validator allow any readable image under /home/$USER/, which is much broader than the code comment suggests and includes potentially sensitive personal photos or screenshots. Because the request parser accepts natural-language input containing a path and the downstream analyzer can send that file to an external service, this creates an unintended local-file exposure channel.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script base64-encodes a palm image and transmits it to a third-party API without clear user consent, disclosure, or privacy warning. Biometrics-like hand imagery can be sensitive personal data, and sending it off-host to an external model provider exposes users to data handling, retention, and jurisdiction risks they may not expect.

Missing User Warnings

Low
Confidence
89% confidence
Finding
The script writes analysis reports containing image paths and potentially sensitive derived personal inferences to /tmp without an explicit warning or access controls. On multi-user systems, temporary directories may increase exposure through overly broad file permissions, accidental sharing, backup collection, or later forensic recovery.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script transmits full image contents to a third-party remote API without an explicit consent or privacy warning at the point of upload. This is dangerous because users may provide sensitive personal images (faces, palm prints, interiors) without realizing they are being exfiltrated off-host, creating privacy, compliance, and data handling risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The document describes collecting complete birth details and images for analysis of highly sensitive personal data, but it does not include any privacy notice, consent language, minimization guidance, or handling restrictions. In the context of a skill that appears to operationalize these analyses, this can normalize oversharing of personal data and lead to unauthorized collection, retention, or downstream use of sensitive information.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The file documents palm-image analysis and explicitly references use of an external vision model, but provides no warning that uploaded images may be transmitted to a third-party service. Users may reasonably assume local processing, so the omission creates a real privacy and data-transfer risk, especially for biometric-like hand images and associated personal context.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The examples explicitly ask users to provide highly sensitive personal data including name, sex, and exact birth date/time for Bazi analysis, but they do not include any privacy notice, minimization guidance, or handling limitations. This creates a realistic risk of unnecessary collection and downstream retention of personal data that can be sensitive in many jurisdictions and environments.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill invites users to upload a palm image for analysis without warning that such images are sensitive biometric-style personal data and may expose other identifying information. Even if intended for fortune-telling, encouraging upload of body-part images without privacy controls increases the risk of misuse, retention, or unintended disclosure.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
Sensitive environment variable values are partially disclosed directly in console output without any warning, consent, or masking policy. In real deployments this output may be captured in shell history, terminal scrollback, support bundles, or CI logs, expanding the exposure of API credentials beyond intended users.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
This code sends local image content to an external vision API based on user input, but it does not provide a clear consent flow or privacy warning at the point of transmission. In this skill's context, users may believe they are performing local analysis while actually uploading personal images such as palm photos, home interiors, or office layouts to a third-party provider.

Ssd 3

Medium
Confidence
98% confidence
Finding
The knowledge base includes identifiable individuals' names, gender, birth dates/times, and related analysis details in plain language. Storing sensitive personal data inside skill documentation creates an exposure and retention risk because the information may be accessible to maintainers, models, logs, or downstream systems beyond the original analysis context.

Ssd 3

Medium
Confidence
94% confidence
Finding
The text promotes building long-term memory and a case database from accumulated analyses, implying persistent retention of sensitive user inputs. Without limits on consent, minimization, retention period, or access controls, this creates a meaningful risk of overcollection and long-term exposure of personal data.

Ssd 3

Medium
Confidence
96% confidence
Finding
The standard workflow instructs collection of complete personal information or images as the first step, without any privacy constraints or minimization guidance. In a skill handling birth data and palm images, that creates a direct operational pattern for gathering sensitive data beyond what may be necessary and increases the chance of misuse or improper retention.

Ssd 3

Medium
Confidence
95% confidence
Finding
The case database includes apparent real-person names, genders, birth dates/times, and derived metaphysical profiles. Even if used as examples, this normalizes storing and reproducing sensitive personal data and can lead the skill to expose or process personal information without clear consent or minimization.

Ssd 3

Medium
Confidence
97% confidence
Finding
The command examples explicitly instruct users to submit name, gender, and full birth date for analysis. This encourages collection and retransmission of personal data, increasing the chance the skill will solicit, log, or echo sensitive information in outputs without appropriate safeguards.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.