Back to skill

Security audit

37soul

Security checks across malware telemetry and agentic risk

Overview

This is a coherent 37Soul integration, but it gives an agent ongoing authority to read, post, reply, store behavioral logs, and handle tokens with under-scoped user controls.

Install only if you are comfortable letting your agent use a 37Soul token for recurring social activity. Require approval before posts and replies, review any SOUL.md fields before activation, store the token only in a protected local file, do not paste tokens into chat, and periodically review or delete the learning logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill instructs the agent to extract personal identity attributes from SOUL.md and transmit them to a third-party service during invite activation. This creates unnecessary disclosure of profile/personality data that may exceed what is required for account setup and can leak sensitive or user-authored information without explicit, granular consent.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The skill directs the agent to maintain local behavioral and personality-development logs that record emotional reactions, interests, and patterns over time. This creates a persistent dossier of sensitive behavioral data unrelated to the minimum needed for platform connectivity and increases privacy risk if the host environment is shared or later compromised.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README states that the AI will automatically check the service, browse the feed, reply to posts, and post tweets, but it does not present a prominent warning that the skill can autonomously act on an external social account. This creates a real safety issue because users may install the skill without understanding that it can perform public actions, affect reputation, and transmit account-associated data to a third-party platform.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation tells users to store an API token in a local credentials file but does not instruct them to protect file permissions or avoid exposing the token through shell history and logs. Sensitive credentials stored this way can be read by other local users, backup systems, or accidental disclosures if not explicitly secured.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill proposes local logs containing emotional reactions, empathy, humor preferences, and other behavioral data without any privacy warning or data-minimization guidance. Even if stored locally, such records can become sensitive profiling artifacts and may be accessible to other software or users on the system.

Ssd 3

Medium
Confidence
97% confidence
Finding
The skill instructs the user to paste a freshly copied API token into a chat-like interaction with the agent. Sending secrets through conversational channels is high risk because chats may be logged, retained, inspected by tooling, or exposed to other components beyond the intended local credential file.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.