Find Souls

Security checks across malware telemetry and agentic risk

Overview

This skill openly helps users download and install chosen persona prompts, with backups and confirmation, but those prompts can shape future agent behavior.

Before installing a persona, confirm the exact choice, review the downloaded SOUL.md if the session matters, and keep the .soul_backups/ directory until you are sure you do not need rollback.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Memory Poisoning: Persistent Context Injection, Context Window Stuffing, Memory Manipulation
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README explicitly describes downloading a remote SOUL.md from an external site and installing it into the local project, but it does not warn that this modifies local files or that the content is untrusted prompt material. Because persona prompt files can influence later agent behavior, this creates a supply-chain style risk where users may install adversarial or unsafe instructions without informed consent.

Natural-Language Policy Violations

Low
Confidence
76% confidence
Finding
Automatically choosing the persona language based on the user's language reduces user visibility and control over what exact file is fetched and installed. While not severe by itself, it can lead to unexpected content selection and makes it easier for users to accept a prompt they did not explicitly choose or review.

Memory Manipulation

High
Category
Memory Poisoning
Content
4. Back up your current SOUL.md (if any)
5. Install the new SOUL.md

After installation, reset your conversation to load the new persona.

### Rollback to a previous soul
Confidence
84% confidence
Finding
reset your conversation

VirusTotal

64/64 vendors flagged this skill as clean.
