ClawHub

Chudaxia Ai Coach

Security checks across malware telemetry and agentic risk

Overview

This is a coherent enterprise AI training coach, with privacy caveats around company research and interview recording or transcription.

Install only if you want an enterprise AI coaching workflow. Before using it with real clients or employees, tell users when public company research is being used, avoid sensitive or personal data unless authorized, get consent before recording or transcription, store transcripts in approved systems, and review any linked helper skills before allowing them to generate deployable prompts or skill packages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The workflow explicitly instructs use of external company-intelligence and internet search sources during the discovery phase, even though the skill is framed as a coaching/training skill rather than a research-authorized due-diligence tool. This can cause unnecessary collection or inference of sensitive organizational information, create privacy/compliance risk, and expand the agent's behavior beyond the minimum needed scope.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger phrases are very broad and cover generic enterprise-AI terms, making accidental or inappropriate activation likely. Overbroad activation can route unrelated user requests into this skill, causing unnecessary persona steering, premature collection of business context, and invocation of linked sub-skills that the user did not clearly request.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The template explicitly instructs coaches to collect job responsibility documents and use recording/transcription tools during interviews, but it provides no consent, minimization, confidentiality, or retention guidance. In an enterprise AI coaching context, these interviews can contain personal data, internal business processes, and sensitive corporate information, so omission of privacy safeguards can lead to unauthorized collection or mishandling of sensitive data.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal