Security audit

SOUL.md Maker

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local SOUL.md personality-file builder with workspace-limited file operations and no evidence of hidden network, credential, or background behavior.

Install only if you want an agent-personality builder that can create or replace ~/workspace/SOUL.md. Review the generated or selected SOUL.md before using it, especially any proactive behavior, memory tracking, inbox/message references, or sarcastic persona settings, and decline replacement if you want to keep your current soul file.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (5)

Vague Triggers

Medium

Confidence: 84% confidence
Finding: Broad natural-language routing can cause unintended execution of file-reading or file-writing flows when the user's message is only loosely related. In this skill, that risk is amplified because matched intents can trigger environment detection, file inspection, and SOUL.md creation workflows via exec without a strict confirmation boundary.

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The post-install command handling explicitly encourages vague natural-language matching like 'What's my personality?' or 'Make me a new soul,' which can trigger actions beyond what the user intended. Because the skill performs workspace reads and writes, accidental invocation can lead to unwanted modification or disclosure of local file content.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill explicitly directs the agent to track goals and mood patterns in MEMORY.md, which can create persistent records of sensitive personal data without any notice, consent flow, retention limits, or minimization guidance. In a coaching context, mood patterns and personal struggles may reveal mental health, behavioral, or other intimate information, making silent long-term storage a meaningful privacy risk.

Natural-Language Policy Violations

Medium

Confidence: 91% confidence
Finding: This file explicitly establishes a default 'Troll Mode' persona, which can steer all interactions into a sarcastic style before the user affirmatively opts in. Even though the document includes safety boundaries and a 'Real Talk Mode,' the default framing still risks inappropriate tone, reduced user autonomy, and harmful responses in ambiguous or emotionally sensitive situations.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The persona explicitly references using inbox messages and behavioral patterns to reassure or analyze the user, which normalizes monitoring of personal data without a clear consent, minimization, or privacy notice. In a reusable agent personality file, this can encourage downstream agents to access or infer from sensitive user data more broadly than necessary, increasing privacy and trust risks.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal