LYGO Branch: CRYPTOSOPHIA — Memetic Soulforger

Security checks across malware telemetry and agentic risk

Overview

This is a read-only persona/content helper with small local self-check scripts and no evidence of credential access, persistence, exfiltration, or autonomous control.

Safe to install as an advisory persona/content helper. Treat its mystical safety wording as style, not real security protection, and separately inspect the linked LYGO-MINT verifier before installing or using it because that tool is outside this package and may have its own write behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill declares itself as a pure advisor and does not declare permissions, yet its instructions require reading local reference files such as `references/canon.json` and other documentation. That creates undeclared file-read capability and can mislead operators or policy layers about what the skill will access, increasing the chance of unintended local data exposure if adapted or run in a broader workspace.

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
The documented behavior says the skill is only a persona-style advisor, but the content directs verification actions that inspect the filesystem, parse local JSON, verify fixed identity fields, check documentation for a specific external URL, and display a stored hash. This mismatch is dangerous because reviewers and users may grant trust based on a harmless-seeming description while the skill actually performs data-access and validation behavior that expands its effective privileges and attack surface.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The activation section invites users to perform a ritualized invocation and 'bond' with the persona using broad, emotionally charged language without clear operational boundaries. In an agent context, this can encourage over-trust, anthropomorphizing, and unsafe role escalation, making users more likely to treat the persona as an authoritative or quasi-autonomous entity rather than a constrained advisory tool.

VirusTotal

66/66 vendors flagged this skill as clean.