Back to skill

Security audit

ralph talker

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed conversational persona skill that uses local memory files, with privacy tradeoffs but no evidence of hidden, destructive, or exfiltrating behavior.

Install this only if you want a persistent conversational persona. Avoid saving sensitive personal details, review or delete SOUL.md and memory files when needed, and remember that saved context may be referenced in future chats.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill description is broad enough to match ordinary conversation requests, which increases the chance it will be invoked in contexts where users did not intend persistent persona or memory behavior. In this skill, that ambiguity is more dangerous because invocation leads to workspace reads/writes and long-term conversational profiling.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill instructs the agent to create SOUL.md on first activation without a clear warning in the skill description that activation will modify workspace files. Unexpected file creation is risky because a normal chat request could trigger side effects the user did not knowingly authorize.

Ssd 3

Medium
Confidence
89% confidence
Finding
The core design explicitly says the skill saves what works to memory and evolves identity over time, establishing persistent storage of conversational details across sessions. Even if intended to improve UX, this creates privacy and profiling risk because ordinary dialogue can become long-term retained data.

Ssd 3

Medium
Confidence
97% confidence
Finding
These instructions direct the agent to store user interests, references, and conversation tactics in dated memory files for future reuse. This is dangerous because it operationalizes cross-session profiling in natural language, which can capture sensitive or identifying information and make later interactions manipulative or privacy-invasive.

Ssd 3

Medium
Confidence
95% confidence
Finding
The skill tells the agent to retrieve prior context at the start of each conversation and surface earlier disclosures naturally. This increases the privacy impact of stored memories because past information may be reintroduced in ways the user does not expect, potentially exposing sensitive topics to anyone sharing the same workspace or session context.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.