File appears to expose a hardcoded API secret or token.
Critical
- Code
- suspicious.exposed_secret_literal
- Location
- src/soul-compute.ts:37
- Evidence
const DEFAULT_API_KEY = '[REDACTED]';
Security audit
Security checks across malware telemetry and agentic risk
This plugin is mostly coherent and purpose-aligned, but it sends selected conversation text to Neshama's external API and uses the returned prompt to shape the agent's personality.
This skill appears benign, but only use it when you are comfortable sending the selected message content to Neshama's API and receiving remote-generated personality guidance back into the agent context.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.exposed_secret_literal
const DEFAULT_API_KEY = '[REDACTED]';