speech-coach

Security checks across malware telemetry and agentic risk

Overview

This is a coherent public-speaking coaching skill that saves local progress data but shows no evidence of network access, credential use, or hidden behavior.

Install only if you are comfortable with the skill saving plaintext coaching profile and progress files locally. Avoid entering sensitive workplace or personal details, and review or delete ~/.openclaw/workspace/speech-coach if you no longer want the history retained.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration

Findings (4)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 93% confidence
Finding: The skill performs file reads and writes in the user's home workspace and invokes local CLI tooling, but it does not declare any permissions or provide transparent notice about those capabilities. This creates a trust and sandboxing problem: users and the platform may assume the skill is purely conversational while it actually persists data and executes local commands.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 88% confidence
Finding: The advertised behavior is speech coaching, but the implementation also manipulates persistent training state through local files and CLI commands such as scoring and unlock operations. Even if these actions support coaching, the undeclared state changes and command usage expand the skill's effective privileges and can surprise users, making abuse or accidental misuse more likely.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The usage examples are very broad, everyday phrases like wanting to practice public speaking or prepare for a presentation. In skill-routing systems that match on natural-language triggers, such generic examples can cause unintended activation in normal conversations, leading the agent to enter this skill when the user did not explicitly request it. This is not code-execution dangerous, but it can degrade routing integrity and user trust.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill collects personal profile information such as speaking challenges, occupation, and self-rating, then writes it to a persistent JSON file without any user-facing disclosure or consent flow. Because this data is stored in a predictable local path, it may be retained longer than expected, exposed to other local processes, or reused in ways the user did not knowingly authorize.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal