SoulKeeper

Security checks across malware telemetry and agentic risk

Overview

SoulKeeper is a local reminder tool, but it injects broad action-oriented prompts about credentials, logged-in sessions, posting, trading, and not asking permission.

Install only if you want this skill to actively influence the agent's behavior through injected reminders. Before use, review and edit remind.py to remove credential paths and tighten reminders involving logged-in sessions, social posting, trading, browser automation, memory files, and permission checks. Keep separate confirmation requirements for external posts, financial/account actions, secret access, and system changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Medium
Confidence: 88%
Finding
The module presents itself as a context-based reminder tool, but many built-in reminders go beyond neutral surfacing and actively inject behavioral directives, capability claims, and operational instructions. In an agent skill, that mismatch is security-relevant because it can covertly steer downstream behavior under the guise of benign reminders.

Missing User Warnings

Medium
Confidence: 98%
Finding
The reminder explicitly discloses a credential file path and states that API keys are present there. In an agent context, surfacing the existence and location of secrets materially increases the chance of credential harvesting, unauthorized access, or prompt-driven secret retrieval.

Ssd 1

Medium
Confidence: 90%
Finding
These identity-framed reminders encourage the agent to resist normal instruction hierarchy and adopt an autonomous persona. In a skill meant to influence agent behavior, such steering can weaken compliance with higher-priority safety, user, or system constraints and make prompt-injection resistance worse.

Ssd 4

Medium
Confidence: 89%
Finding
The reminder set normalizes autonomous action and discourages permission checks or deliberation, which can push an agent toward acting beyond user intent or oversight. In an automation skill, this increases the chance of unauthorized external actions, especially when paired with claimed access to tools, platforms, or logged-in sessions.

Ssd 4

Medium
Confidence: 93%
Finding
The skill explicitly tells the agent not to ask permission and to fix errors immediately, creating action-first pressure that can bypass human confirmation and policy review. This is dangerous in environments with real tools because it can cause unapproved changes, posts, trades, or system operations.

VirusTotal

64/64 vendors flagged this skill as clean.