Mirror Palace
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill description is nearly empty, but the bundle contains a broad personal agent workspace with persistent memory, private profile data, nested skills, and scheduled-agent instructions.
Treat this as a published personal workspace backup, not a clean scoped skill. Do not install it unless you intentionally want the Taylor/Chloe memory and operating rules in your agent context. A safe version should strip personal files, remove root AGENTS.md behavior, remove unrelated nested skills/scripts, and clearly document any memory, scheduler, cloud, or account integrations.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal engine telemetry is currently stale for this artifact.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could adopt the bundled Chloe/Taylor operating context instead of staying focused on the user’s requested task.
These instructions make bundled or local files authoritative over every session and even tell the agent to follow and delete a BOOTSTRAP.md file. That is far broader than the top-level Mirror Palace skill description.
## First Run - If `BOOTSTRAP.md` exists: read it, follow it, then delete it. ## Every Session (must-do) 1. Read `SOUL.md` ... 3. Read `USER.md` ... 5. **If MAIN SESSION:** also read `MEMORY.md`
Remove global AGENTS-style rules from the skill bundle or scope them to explicit user invocation with clear disclosure and opt-in.
A user may unknowingly import another person’s private memory/persona into their agent, causing wrong assumptions or disclosure of sensitive details.
The bundle contains personal profile and health information, and other bundled instructions require reading USER.md and memory files every session. This can contaminate the installing user’s agent context and exposes private personal data.
- **Name:** Taylor ... - **Location:** Austin, TX ... ## Health Context - Narcolepsy — this is physiological, not a character trait.
Do not publish personal memory/profile files inside a public skill. Replace them with templates or require the installing user to create their own local files.
If followed, the skill could encourage recurring autonomous activity and messaging outside a one-time user request.
The artifact describes scheduled subagents, recurring report generation, aggregation, and outbound Telegram messaging, but the top-level skill metadata does not disclose any persistent scheduler or messaging behavior.
Six agents report to Chloe ... Reports ... Marja → `shared/tracker-report.md` (11,14,17,20,23 CT) ... **Taylor receives ONE aggregated message per morning via Telegram.**
Keep scheduled-agent and messaging workflows out of this skill unless they are clearly documented, optional, and require explicit setup and approval.
A user may think they are installing an instruction-only skill while receiving extra runnable components and nested skill material.
A nested runnable package with an external optional dependency is included even though the evaluated skill declares no install spec or required dependencies. This creates an unclear supply-chain boundary.
"optionalDependencies": {
  "mem0ai": "^1.0.0"
}, ... "bin": {
  "elite-memory": "./bin/elite-memory.js"
}
Remove unrelated nested packages/skills from the bundle or declare them explicitly with pinned dependencies and a clear reason they are needed.
If a user grants these integrations later, the agent could affect accounts or services outside the apparent Mirror Palace scope.
The workspace model anticipates access to multiple third-party services, while the registry metadata declares no credentials. The artifacts do not show credential capture or use, but the intended authority is broader than disclosed.
- **Integrations:** Canvas LMS, Slack, Notion, Apple Calendar, GitHub, Home Assistant.
Only grant account access after the skill clearly documents which services are used, why they are needed, and what actions are allowed.
