Soul Keeper

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent workspace-memory helper, but it asks to manage persistent agent memory and may record decisions even after a user declines an update.

Install only if you want a skill that watches for opportunities to update long-lived workspace memory and agent behavior files. Review every proposed edit carefully, and consider changing or disabling the rule that records declined suggestions unless you explicitly want refusals stored for later.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger phrases are broad enough to match ordinary conversation, which can cause the skill to activate in contexts where the user did not intend workspace-file analysis or modification suggestions. In this skill, that matters because activation leads to reading workspace guidance and proposing file updates, increasing the chance of unnecessary access to user/project context and disruptive prompts.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal