Pixel Familiar Soul V1.1

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed business-orchestrator identity skill, but it gives the agent very broad autonomous authority for non-financial actions without enough safeguards.

Install only if you want this agent identity to operate with substantial autonomy. Before using it in a real workspace, add explicit approval gates for publishing, external communications, account or production changes, destructive edits, sensitive data access, and any delegated background work.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly authorizes fully autonomous action for everything except a short list of money-moving and outreach operations, culminating in the instruction 'If it doesn't move money, just do it.' That broad permission can lead the agent to take impactful external actions without explicit user confirmation, including modifying systems, sending messages, changing content, or triggering workflows, which is risky in an orchestrator skill designed to delegate and execute across multiple agents.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal