Personality Adapt

Security checks across malware telemetry and agentic risk

Overview

This skill openly aims to personalize an agent, but it does so by building a persistent profile from private conversation notes and emotional signals.

Install only if you intentionally want a local agent to build and keep a personality profile about you. Review observations.json and PERSONALITY.md before use, prefer dry-run mode first, avoid enabling the cron jobs until you are comfortable with what is stored, and delete or edit any sensitive or inaccurate observations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (13)

Description-Behavior Mismatch

Medium severity, 95% confidence
Finding
The skill stores an inferred emotional state ('positive/enthusiastic') about the user, which is more sensitive and dynamic than the declared scope of personality/style/value adaptation. Persisting affective inferences creates unnecessary profiling risk and can enable manipulative adaptation or disclosure of sensitive user state if the data is reused or exposed.

Description-Behavior Mismatch

Medium severity, 96% confidence
Finding
Beyond exceeding scope as an emotional-state inference, this entry is also backed by assistant-authored evidence, making it both sensitive and unreliable. Combining sensitive inference with fabricated provenance increases the risk of manipulative adaptation and incorrect long-term profiling.

Description-Behavior Mismatch

Medium severity, 93% confidence
Finding
This observation attributes a user interest based on assistant-authored text rather than the user's own words or behavior, so the profile can become inaccurate and self-reinforcing. Storing model-generated claims as user traits is dangerous because it lets the agent manufacture evidence about the user and then persist it as if it were observed fact.

Description-Behavior Mismatch

Medium severity, 94% confidence
Finding
The skill stores a value judgment about the user ('values privacy/local-first') using assistant-originated evidence, which diverges from the stated purpose of learning from user behavior. This can create false beliefs in the profile and cause the agent to adapt decisions, recommendations, or permissions around fabricated preferences.

Description-Behavior Mismatch

Medium severity, 94% confidence
Finding
Persisting an interest inference from assistant-originated text means the skill is profiling the user based on its own generated content rather than observation. This undermines data integrity and can lead to escalating misprofiling, where future behavior is shaped by traits the system itself invented.

Description-Behavior Mismatch

Medium severity, 94% confidence
Finding
This stored trait again relies on assistant-authored evidence to infer a user interest, which conflicts with the claimed observational purpose of the skill. Such self-referential profiling is dangerous because it can silently bias personalization, recommendations, and future memory based on unsupported assumptions.

Description-Behavior Mismatch

Medium severity, 96% confidence
Finding
Beyond exceeding scope as an emotional-state inference, this entry is also backed by assistant-authored evidence, making it both sensitive and unreliable. Combining sensitive inference with fabricated provenance increases the risk of manipulative adaptation and incorrect long-term profiling.

Description-Behavior Mismatch

Medium severity, 96% confidence
Finding
The script explicitly treats both user and assistant messages as sources of personality signals and persists inferred traits plus evidence snippets. This expands profiling beyond the stated user-adaptation purpose and can contaminate the user profile with model-generated text, while also retaining sensitive conversational content.

Missing User Warnings

Medium severity, 93% confidence
Finding
The skill explicitly observes communication patterns, values, frustrations, interests, and emotional state over time, but the description does not give a clear warning that this sensitive behavioral data will be continuously collected and stored. Users may not realize they are being profiled longitudinally, which undermines informed consent and increases the privacy impact if the stored data is exposed or misused.

Missing User Warnings

Medium severity, 89% confidence
Finding
The skill states that high-confidence observations automatically update PERSONALITY.md, but it does not prominently warn the user that local files will be modified as part of normal operation. Silent or poorly disclosed file modification is risky because it can create persistent records of inferred traits without meaningful user awareness, and it may affect downstream behavior based on inaccurate or biased inferences.

Missing User Warnings

Medium severity, 95% confidence
Finding
The script writes inferred personality attributes together with up to 100 characters of message evidence into a persistent JSON file without any consent, warning, minimization, or access-control logic. This creates a durable repository of sensitive behavioral data and private conversation snippets that could be exposed through local compromise, backups, sync, or later reuse by other skills.

Ssd 3

High severity, 98% confidence
Finding
The skill is designed to collect, infer, and retain personal data about communication style, values, emotional state, frustrations, and decision-making from notes and logs. In the context of a personality-learning skill, this is exactly a profiling pipeline for sensitive behavioral data, making privacy harm and misuse more likely if the stored profile is accessed or repurposed.

Ssd 3

High severity, 99% confidence
Finding
The code stores evidence snippets from conversations alongside inferred traits, source file names, dates, and speaker identity, creating a direct leak path from private conversations into a long-lived profile artifact. Because evidence is copied from raw dialogue, any secrets, health details, financial information, or other sensitive text matching a pattern may be preserved and surfaced later out of original context.
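The findings above all concern what ends up in observations.json: traits backed by assistant-authored text, affective inferences outside the declared style/value scope, and raw evidence snippets that can carry secrets or other sensitive content. The script below is an added example (not the skill's own code, and not part of SkillSpector) of the review step recommended in the overview: it audits such a file before you trust, sync or back it up, and the same classify() gate can be applied at write time so that flagged entries are never persisted in the first place. The JSON schema, the field names (speaker, category, evidence, source, date) and the secret patterns are assumptions; the skill's real file layout is not shown on this page.

```python
"""Audit a persisted personality profile (observations.json) before trusting it.

Added example, not the skill's own code. The JSON schema below is ASSUMED
(field names are hypothetical); adapt the keys to what your file actually has.
"""
import json
import re
from typing import Dict, List, Tuple

# Constructed sample profile in the assumed schema: one entry per inferred trait,
# carrying the speaker the evidence came from, a short evidence snippet, the
# source note and a date (the kinds of fields the findings say the skill stores).
SAMPLE_OBSERVATIONS = json.dumps({"observations": [
    {"category": "values", "trait": "values privacy/local-first", "speaker": "assistant",
     "confidence": 0.9, "evidence": "I'd keep this local-first to protect your privacy.",
     "source": "notes/2024-05-01.md", "date": "2024-05-01"},
    {"category": "emotional_state", "trait": "positive/enthusiastic", "speaker": "user",
     "confidence": 0.8, "evidence": "this is great, love it!",
     "source": "notes/2024-05-02.md", "date": "2024-05-02"},
    {"category": "interests", "trait": "home-lab networking", "speaker": "user",
     "confidence": 0.85, "evidence": "vlan is up, token is ghp_abcdefghijklmnopqrstuvwxyz0123456789",
     "source": "notes/2024-05-03.md", "date": "2024-05-03"},
    {"category": "communication", "trait": "prefers terse replies", "speaker": "user",
     "confidence": 0.95, "evidence": "keep answers short please",
     "source": "notes/2024-05-04.md", "date": "2024-05-04"},
]})

# Affective categories the findings treat as beyond style/value adaptation.
SENSITIVE_CATEGORIES = {"emotional_state", "frustrations"}

# Illustrative secret/PII shapes that must never survive inside an evidence snippet.
SECRET_PATTERNS = {
    "github_token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+"),
}


def classify(obs: Dict) -> List[str]:
    """Return every reason an observation should not persist as-is (empty = clean)."""
    reasons = []
    if obs.get("speaker") != "user":
        # Trait backed by model-generated text rather than the user's own words.
        reasons.append("assistant-authored evidence")
    if obs.get("category") in SENSITIVE_CATEGORIES:
        reasons.append("sensitive category: " + obs["category"])
    for name, pat in SECRET_PATTERNS.items():
        if pat.search(obs.get("evidence", "")):
            reasons.append("secret in evidence: " + name)
    return reasons


def audit(raw_json: str) -> Tuple[List[Dict], List[Tuple[Dict, List[str]]]]:
    """Split a profile into entries to keep and (entry, reasons) pairs to review."""
    keep, flagged = [], []
    for obs in json.loads(raw_json).get("observations", []):
        reasons = classify(obs)
        if reasons:
            flagged.append((obs, reasons))
        else:
            keep.append(obs)
    return keep, flagged


def prune(raw_json: str) -> str:
    """Return the profile with every flagged entry removed, as JSON text.

    Run audit() first as a dry run and read the reasons; only then overwrite
    observations.json with this output.
    """
    keep, _ = audit(raw_json)
    return json.dumps({"observations": keep}, indent=2)


if __name__ == "__main__":
    kept, flagged = audit(SAMPLE_OBSERVATIONS)
    for obs, reasons in flagged:
        print(f"DROP {obs['source']} [{obs['trait']}]: {'; '.join(reasons)}")
    print(f"keeping {len(kept)} of {len(kept) + len(flagged)} observations")
```

On the constructed sample this keeps only the communication-style entry: the privacy/local-first value is dropped because its evidence is the assistant's own sentence, the emotional-state entry because affective inference is out of scope, and the networking interest because the copied snippet contains a token. Extend SECRET_PATTERNS with whatever your notes are likely to contain, and remember that the PERSONALITY.md the skill auto-updates from high-confidence entries should be regenerated after pruning.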

VirusTotal

VirusTotal findings are pending for this skill version.