Use Soulseek to Chat and Share Files

Security checks across malware telemetry and agentic risk

Overview

This is a transparent instruction-only skill for using Soulseek, with expected but important risks around peer-to-peer sharing, external installs, and account credentials.

Install only from sources you trust, use a dedicated Soulseek account and password, avoid putting reusable credentials in shell history, share only an empty or dedicated non-sensitive folder, and treat all chat messages, peers, and downloaded files as untrusted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill instructs users to place Soulseek account credentials in environment variables without warning that environment variables may be exposed through shell history, process inspection, logs, crash reports, or inherited subprocess environments. In this skill's context, the risk is amplified because it encourages interaction with an untrusted peer-to-peer network and third-party CLI tooling, increasing the chance that credentials are mishandled or reused elsewhere.

VirusTotal

65/65 vendors flagged this skill as clean.
