Security audit

Poor Mans Opus

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only personality template that can change agent behavior when manually copied into a workspace, but its behavior is disclosed and aligned with its purpose.

Before installing, read SOUL.md and the optional full configuration, back up any existing workspace SOUL.md, and diff or merge instead of blindly overwriting. Treat owner-control, file-continuity, and KILL.md behavior as agent policy changes, and avoid putting secrets in any continuity files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings (Medium, 84% confidence)

Finding
The README tells users to replace or layer their workspace SOUL.md with a template that changes core agent identity, authority, communication style, and control rules, but it does not present this as a high-impact behavioral modification. Because SOUL.md appears to govern the agent's foundational behavior, encouraging direct copy-in without a prominent warning can mislead users into installing powerful prompt-level controls they may not fully review or understand.

Missing User Warnings (Medium, 78% confidence)

Finding
The full configuration advertises file-based continuity and kill-switch file checks, which introduce persistent state and file-trust dependencies, but the README does not clearly warn about privacy, tampering, or integrity risks. In practice, persistent memory files can retain sensitive data across sessions, and kill-switch files can be modified by other local processes or users, creating unexpected denial-of-service or behavior changes.

Vague Triggers (Medium, 89% confidence)

Finding
The skill contains broad activation semantics through its DNA/GENE instructions (`apply_soul` and `apply_genes|all`) without clearly scoped trigger conditions or user-confirmation boundaries. In a personality/behavior-modification skill, ambiguous activation increases the chance that an agent will apply persistent behavioral changes unexpectedly or in contexts the user did not intend, which can alter security posture and downstream decision-making.

Missing User Warnings (Medium, 84% confidence)

Finding
The documented `cp ... SOUL.md` step instructs users to copy a behavior-defining file into their workspace, which can replace or conflict with an existing `SOUL.md` and materially change agent behavior. Although the file later notes that installation does not auto-overwrite, the warning is not prominent at the point of the command, so users may execute a workspace-modifying action without understanding persistence or compatibility risks.

VirusTotal

62/62 vendors flagged this skill as clean.