Security audit

Persona Spawn

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed persona-subagent helper that uses local files, scripts, and optional marketplace downloads in ways that fit its stated purpose.

Install if you want personas to shape spawned subagents. Review any imported persona files before use, keep context_files pointed only at documents you intend to share with subagents, and back up an existing personas directory before bootstrapping or bulk importing.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 89% confidence
Finding: The skill directs the agent to read workspace files, write or bootstrap a local persona library, and execute shell/Python scripts, but it does not declare corresponding permissions. This creates a capability mismatch where reviewers or policy systems may underestimate what the skill can do, increasing the chance of unintended file modification or command execution in the user's workspace.

Missing User Warnings

Low

Confidence: 86% confidence
Finding: The persona explicitly instructs the agent to avoid explaining methods unless asked and to mention danger only briefly. In a persona-spawning skill, that can suppress important safety framing, risk disclosures, and rationale when handling security-sensitive or harmful requests, making unsafe assistance more likely to be delivered tersely and without adequate warnings.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.