Coaching

Security checks across malware telemetry and agentic risk

Overview

This coaching helper appears legitimate and local-only, but it needs review: it handles confidential client records while using broad activation wording and weak file-path scoping (client names appear to be used directly when building record paths).

Review before installing if you store real client information. Only invoke it with explicit client-record requests, avoid path-like client names, and consider requiring filename sanitization, narrower trigger criteria, and clear consent/retention practices before relying on it for confidential coaching notes.
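The two mitigations above (an explicit request form and sanitized, directory-bound record paths) are shown together below as an added example; this is not the skill's own code. It assumes a hypothetical per-client record file under the `memory/coaching/` directory named in the findings, a `.md` extension, and a constructed request phrasing such as "open coaching notes for <client>"; the generic phrasing the Vague Triggers finding warns about is deliberately not matched.

```python
import re
import unicodedata
from pathlib import Path
from typing import Optional

# Assumption: records live under the directory the findings mention.
BASE_DIR = Path("memory/coaching")

# Only an explicit record request should reach the skill (hypothetical phrasing).
_EXPLICIT_REQUEST = re.compile(
    r"^\s*(?:open|show|update)\s+(?:the\s+)?coaching\s+(?:record|notes)\s+"
    r"for\s+(?P<client>.+?)\s*$",
    re.IGNORECASE,
)

# Anything other than lowercase ASCII letters, digits and '-' is collapsed.
_UNSAFE = re.compile(r"[^a-z0-9-]+")


def parse_explicit_request(text: str) -> Optional[str]:
    """Return the client name for an explicit record request, else None.

    Broad phrases ("what are good coaching goals?") return None, so the skill
    does not touch client records for conversations that merely mention coaching.
    """
    match = _EXPLICIT_REQUEST.match(text)
    return match.group("client") if match else None


def sanitize_client_name(name: str) -> str:
    """Reduce a free-form client name to a single safe path component.

    Accented letters are folded to ASCII (NFKD), then every run of characters
    outside [a-z0-9-] (including '/', '\\' and '.') becomes a single '-', so
    "../../etc/passwd" can never name a directory or a parent reference.
    """
    folded = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    cleaned = _UNSAFE.sub("-", folded.lower()).strip("-")
    if not cleaned:
        raise ValueError("client name contains no usable characters")
    return cleaned[:64]


def client_record_path(name: str, base: Path = BASE_DIR) -> Path:
    """Resolve the record file for a client and refuse anything outside base.

    The containment check is defence in depth: sanitize_client_name already
    removes separators, but resolving and comparing parents also catches
    a future change that weakens the sanitizer.
    """
    base_resolved = base.resolve()
    candidate = (base_resolved / f"{sanitize_client_name(name)}.md").resolve()
    if candidate.parent != base_resolved:
        raise ValueError("client record path escaped the coaching directory")
    return candidate


if __name__ == "__main__":
    for text in ("Open coaching notes for Alice Smith", "What are good coaching goals?"):
        client = parse_explicit_request(text)
        print(repr(text), "->", client_record_path(client) if client else "not invoked")
    print(client_record_path("../../etc/passwd"))  # stays inside memory/coaching
```

Path.resolve() is used non-strictly, so the check works before the record file exists; a constructed traversal name such as "../../etc/passwd" ends up as memory/coaching/etc-passwd.md rather than outside the directory.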

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill advertises local file access and storage of sensitive client records in `memory/coaching/`, but declares no explicit permissions. That creates a governance gap: the platform or a reviewer may not realize the skill reads coaching data, and users cannot meaningfully consent to that access despite the confidentiality-sensitive context. Because the data includes session notes, goals, and commitments, an undeclared file-read capability is more dangerous here than in a generic utility skill.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The invocation description is broad enough to activate on common phrases such as coaching questions, goals, or client progress, with no strong constraints on when the skill should or should not run. In a confidentiality-heavy skill, over-triggering can cause unnecessary reads of client records or expose coaching context in conversations where the user did not intend to invoke this skill, increasing privacy risk and unintended data handling.

VirusTotal

0/65 detections: all 65 vendors reported this skill as clean.

View on VirusTotal