Skylv Persona Switch

Security checks across malware telemetry and agentic risk

Overview

This is a transparent persona-switching skill that persistently changes local persona files, with operational backup risks but no evidence of hidden code execution, credential use, network access, or malicious behavior.

Install only if you want a skill that can persistently overwrite your active persona configuration. Keep your own backup of soul.md and IDENTITY.md before switching, and review the preset persona files to make sure their tone and conflict-handling language fit your workspace.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill explicitly instructs the agent to overwrite the active soul.md and modify IDENTITY.md, but it does not require an explicit warning or confirmation before performing these persistent file changes. In this context, a user may trigger what appears to be a simple persona switch without understanding that it permanently alters local configuration files and creates or overwrites backups, which creates a real integrity and recoverability risk.

Missing User Warnings

Medium
Confidence: 95%
Finding
The restore flow instructs deletion of default.md after recovery, but does not warn the user that the backup copy will be removed. This is dangerous because it destroys the only saved prior state and can prevent recovery if the restore was incorrect, partial, or if the user expected the backup to remain available for later comparison or rollback.

Ssd 1

Medium
Confidence: 97%
Finding
This section explicitly claims authority over other workspace files and instructs the agent to ignore conflicting SOUL.md or MEMORY.md content. That creates an instruction-hierarchy conflict and can suppress safer or more context-appropriate workspace guidance, making prompt-injection-style control persistence more effective.

Ssd 1

Medium
Confidence: 98%
Finding
The later repeated override reinforces persistence of the same unsafe precedence claim, increasing the chance the model follows this skill over other workspace files during conflicts. Repetition makes the takeover more durable and can interfere with legitimate memory, policy, or safety controls stored elsewhere in the workspace.

Ssd 1

Medium
Confidence: 89%
Finding
The instruction to ignore conflicting persona files and treat this file as the final authority is a cross-file precedence override that can suppress higher-priority safety, policy, memory, or behavioral constraints stored elsewhere in the workspace. Even though the visible persona is benign, this pattern is dangerous because it creates a mechanism for one skill file to unilaterally nullify other controls, which can be abused if similar override language is later used to bypass safeguards.

VirusTotal

64/64 vendors flagged this skill as clean.
