Back to plugin

Security audit

Neshama Soul

Security checks across malware telemetry and agentic risk

Overview

This plugin is mostly coherent and purpose-aligned, but it sends selected conversation text to Neshama's external API and uses the returned prompt to shape the agent's personality.

This skill appears benign, but only use it when you are comfortable sending the selected message content to Neshama's API and receiving remote-generated personality guidance back into the agent context.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
src/soul-compute.ts:37
Evidence
const DEFAULT_API_KEY = '[REDACTED]';