Security audit

Agent Sbti

Security checks across malware telemetry and agentic risk

Overview

This skill’s purpose is clear, but it can persistently change the agent’s SOUL.md configuration and its activation/confirmation handling is too broad for that level of authority.

Review before installing. This skill shows no exfiltration or destructive intent, but it can change the agent’s persistent personality/configuration file. Only use it if you are comfortable with SOUL.md being modified, and prefer a version with narrower trigger phrases, explicit confirmation tied to the exact file/change, clear state cleanup, and a confirmation step before rollback.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium (89% confidence)
Finding
The plan explicitly includes writing generated configuration into SOUL.md and separately acknowledges overwrite risk, but it does not require a confirmation flow, backup, merge strategy, or user-facing warning before modification. In an agent skill context, silently or automatically overwriting a user’s existing persona/configuration can cause loss of custom settings, confusing behavior changes, and unintended persistence of generated content.

Vague Triggers

Medium (90% confidence)
Finding
The trigger list includes broad everyday phrases such as “人格测试” and especially “开始测试”, which can cause the skill to activate in unrelated conversations. Because this skill can proceed to modify Agent configuration and restore backups, accidental invocation increases the chance of unintended configuration changes or disruptive workflow behavior.

Vague Triggers

Medium (95% confidence)
Finding
The trigger phrase `人格测试` is broad and generic, so the skill may activate during ordinary conversation about personality tests rather than when the user specifically intends to run this skill. In a skill that can modify `SOUL.md`, unintended invocation increases the chance of accidental configuration changes or socially engineered workflow execution.

Missing User Warnings

Medium (94% confidence)
Finding
The rollback path performs a state-changing restore immediately via applyModule.rollback(0) and returns success or failure, but this file contains no confirmation gate for that operation. If the surrounding system routes a phrase like “恢复原配置” directly to this handler, a user or a prompt injection could trigger an unintended configuration reversion and disrupt the agent’s active setup.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.