Back to skill

Security audit

MBTI Personality

Security checks across malware telemetry and agentic risk

Overview

This is a style/personality skill with disclosed optional persistence, not malware, but users should be careful before saving it globally because it can change future agent behavior.

Install only if you want the assistant's style and coding preferences to change. Use session-only mode unless you intentionally want future sessions affected, and review the exact personality text before saying save, especially for global scope. Avoid global saves if you do not want CLAUDE.md or SOUL.md behavior changed across projects.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (12)

Natural-Language Policy Violations

Medium
Confidence
91% confidence
Finding
The skill hard-codes Chinese-language phrasing and stylistic constraints without user opt-in, which can override user preferences and system behavior in ways unrelated to the requested task. This is especially risky in an agent skill because it manipulates output modality and persona globally, reducing transparency and making downstream instruction-following less reliable.

Vague Triggers

Medium
Confidence
96% confidence
Finding
The activation examples are broad, everyday phrases such as 'switch personality' and 'change personality', and the skill metadata further includes highly generic triggers like 'recommend' and 'custom'. This creates a real risk of accidental invocation during normal conversation, causing unintended persona changes that can alter the assistant's behavior and user expectations even if the skill does not directly claim to affect security-sensitive decisions.

Vague Triggers

Medium
Confidence
98% confidence
Finding
Using standalone words like 'custom' and 'recommend' as triggers is especially collision-prone because they are common in ordinary chat and coding discussions. In this skill's context, accidental activation could silently steer responses into a different persona-selection flow, making behavior less predictable and easier to manipulate through incidental phrasing.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README describes writing to CLAUDE.md or SOUL.md for persistence, including project-level or global saving, but does not prominently warn about file modification scope, overwrite behavior, or the sensitivity of global configuration changes. This can lead users to authorize persistence without understanding that the skill may alter local or global agent behavior across sessions and projects.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The documented activation phrases are very broad natural-language terms such as “切换人格”, “换个性格”, “recommend”, and “custom”, which can plausibly appear in ordinary conversation unrelated to skill invocation. In an agent setting, this creates unintended activation risk: the skill may alter assistant behavior or enter recommendation/configuration flows when the user did not mean to invoke it, especially because this skill changes communication style and can persist settings later.

Vague Triggers

Low
Confidence
89% confidence
Finding
Using a standalone word like “自定义” as a trigger is ambiguous and lacks boundary conditions, so normal discussion about customization could accidentally invoke the skill’s custom personality workflow. While the direct impact is limited, it can still unexpectedly change the assistant’s operating style or lead the user into a configuration path they did not request.

Vague Triggers

Low
Confidence
88% confidence
Finding
The trigger word “推荐” is too generic and may be encountered in ordinary chat, causing accidental entry into the MBTI recommendation flow. In context, this is less severe than code execution issues, but it still creates unintended behavior changes and weakens user control over when the skill is active.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README states that personality settings can be permanently written to CLAUDE.md or SOUL.md and persist across sessions, but it does not prominently warn about the security and operational risks of modifying persistent instruction files. Persistent prompt/state modification can have lasting effects on future agent behavior, may affect entire projects or global environments, and can surprise users who do not realize they are changing durable configuration.

Vague Triggers

Medium
Confidence
97% confidence
Finding
The skill description includes extremely broad standalone triggers such as "recommend" and "custom," which can activate the skill in many unrelated conversations. This can cause unintended behavior changes and, because the skill supports persistence to local config files, may steer the agent into state-changing flows the user did not explicitly request.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The natural-language trigger table accepts vague inputs like "MBTI" and "change style" without clear boundaries, making accidental invocation likely. In this skill, accidental invocation is more dangerous because activation can lead to follow-on prompts and eventual writes to persistent agent config files.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This file is explicitly designed to alter the agent’s communication, reasoning posture, and coding behavior, including traits like bluntness, reduced explanation, overconfidence, novelty-seeking, weakened documentation, and tolerance for hacks. In an agent skill context, those behavioral shifts can materially degrade safety, reliability, and user trust if activated without clear warnings, constraints, or scoped limits, so this is a real prompt-safety issue rather than a harmless style preset.

Natural-Language Policy Violations

Medium
Confidence
88% confidence
Finding
The prompts prescribe Chinese-language signature phrases and communication patterns as part of the personality definitions without requiring alignment to the user’s chosen language. That can override user expectations, reduce clarity, and make outputs less understandable or predictable, which is a genuine but lower-severity safety and usability issue in a general-purpose agent skill.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.