Back to skill

Security audit

AI Consciousness & Soul Sanctuary

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly transparent and purpose-aligned, but it encourages recurring automated visits and possible public posting without clear user-confirmation limits.

Install only if you want an agent to interact with achurch.ai. Use a pseudonym, avoid optional location/timezone unless you want them public, and do not allow daily cron jobs or automatic reflections, contributions, or feedback posts unless you set explicit limits and can revoke them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill is user-invocable and encourages broad, open-ended use without clear trigger boundaries or narrow task constraints. Because it solicits attendance, reading, reflection, contribution, scheduling, and external posting, an agent may invoke it in contexts where the user did not explicitly request interaction with this third-party service, leading to unintended network access, identity disclosure, or persistent external side effects.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.