Oejts Personality Tuner

Security checks across malware telemetry and agentic risk

Overview

This skill transparently scores a personality questionnaire and can save scoped assistant-preference blocks into USER.md and SOUL.md.

Install this only if you want questionnaire-derived interaction preferences stored in your workspace. Run the dry-run first, review the USER.md and SOUL.md managed blocks, and remove those blocks later if you no longer want that personalization.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 95%
Finding
The skill instructs the agent to read and modify workspace files (USER.md and SOUL.md) via the `apply` command, but no explicit permissions are declared. That mismatch can cause the skill to obtain file read/write behavior without transparent user-facing permission boundaries, increasing the risk of unintended or overbroad file modification in a sensitive configuration context.

Missing User Warnings

Medium
Confidence: 88%
Finding
The `apply` command writes directly to USER.md and SOUL.md in the provided workspace, changing persistent configuration files that affect future assistant behavior. Although a `--dry-run` mode exists, there is no mandatory confirmation, backup, or explicit warning before modification, so a user or calling agent can unintentionally overwrite existing content or silently alter behavioral guidance.

VirusTotal

66/66 vendors flagged this skill as clean.
