Back to skill

Security audit

MBTI

Security checks across malware telemetry and agentic risk

Overview

The skill appears non-malicious, but it asks agents to potentially make persistent SOUL.md behavior changes without clear confirmation, rollback, or tight scoping.

Install only if you want an agent-configuration diagnostic skill and are comfortable reviewing proposed SOUL.md changes. Do not allow it to modify SOUL.md automatically; require a diff/preview, make a backup first, and apply changes only after explicit approval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The skill advertises broad trigger scenarios such as '测试 Agent 人格', '诊断 Agent 配置', and '优化 Agent 行为', which can overlap with ordinary conversational requests and cause the skill to activate unexpectedly. Because the skill’s later stages include generating configuration patches and automatic SOUL.md modification, accidental invocation can lead to unintended analysis or configuration changes beyond the user’s explicit intent.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The documentation states that Stage 5 performs '自动修改 SOUL.md 配置' but does not present a clear user-facing warning that the skill may alter a core configuration file. In the context of an agent skill, silent or insufficiently disclosed configuration modification is risky because a user may invoke diagnosis expecting analysis only, while the skill progresses to persistent behavioral changes.

Missing User Warnings

Low
Confidence
86% confidence
Finding
The skill includes a shell command to run a local script without a user-facing warning about executing local code. While the command itself is not obviously malicious, invoking local scripts can have side effects, access local files, or trigger the Stage 5 modification flow, so users should be clearly warned before execution.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script explicitly advertises '自动修改' and 'SOUL.md patches' but provides no confirmation prompt, dry-run mode, backup behavior, or warning that a user-controlled or important configuration file may be changed. In an agent-configuration skill, silent or unexpected file modification is risky because it can alter runtime behavior, overwrite manual settings, or be chained with later automation to persist unsafe changes.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.