Back to skill

Security audit

Agent Postcard

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it creates postcards through Turai, while sending a short persona-derived prompt and postcard details to that service.

Install only if you trust Turai and the publisher. Before running it, review SOUL.md or IDENTITY.md for secrets or private instructions, use --selfie if you do not want persona text read, set a Turai API key intended for this use, and choose output paths carefully.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The script automatically reads persona files from the workspace (SOUL.md / IDENTITY.md) and incorporates their contents into a prompt sent to an external API. Even though only the first non-header lines are used, this still causes implicit exfiltration of local workspace data without strong user consent, minimization, or clear disclosure, which is risky in an agent environment where persona files may contain sensitive instructions or identity details.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs the agent to read its own persona from `SOUL.md` or `IDENTITY.md` and send that derived content, along with user-provided location/message data, to the external Turai API, but it does not clearly warn users that this information leaves the local environment. This can cause unintended disclosure of sensitive persona, identity, or prompt content to a third party, especially if those files contain internal instructions, secrets, or private metadata.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/send-postcard.mjs:69