Security audit

MakeSoul Lite

Security checks across malware telemetry and agentic risk

Overview

The skill’s sharing purpose is coherent, but it handles a permanent private key too casually and documents destructive API actions without enough safeguards.

Install only if you trust makesoul.org with the identity files you publish and can store the private key securely. Do not paste or display the private key in chat, terminals, logs, or shared files, and require explicit confirmation before using update or delete actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 95%
Finding
The manifest explicitly describes issuing and returning a permanent private key via API responses, including a login flow that returns the key again, but provides no warning about secret handling, storage, rotation, revocation, or transport safeguards. In an agent-skill context, this is dangerous because the skill may encourage automated logging, prompt display, or insecure persistence of long-lived credentials that grant control over create/update/delete actions.

Missing User Warnings

Medium
Confidence: 97%
Finding
The documentation instructs the agent to extract and then print the returned private key with `echo "Private Key: $PRIVATE_KEY"`, which normalizes credential disclosure into logs, transcripts, terminals, and other observability systems. In an agent setting, output is often persisted or shared across tools, so exposing a long-lived authentication secret materially increases the chance of account takeover or unauthorized API use.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill documents a destructive `DELETE /api/souls/{id}` operation with no confirmation, dry-run, ownership-verification workflow, or warning about irreversible deletion. In agent workflows, this can lead to accidental or prompt-induced destructive actions against user data, especially when the agent is following broad instructions automatically.

VirusTotal

66/66 vendors flagged this skill as clean.
