Subhuti Coach Framework

Security checks across malware telemetry and agentic risk

Overview

This is not executable malware. It is a mental-wellness coaching skill that handles sensitive emotional, crisis, and spiritual information, and its privacy and crisis-safety limits need review before use.

Install only after reviewing the privacy and safety posture. This skill should be treated as coaching content, not therapy, medical care, or crisis support; deploy it with explicit informed consent, precise data-handling terms, opt-in tracking, deletion controls, locale-aware crisis resources, and clear instructions to stop coaching and refer to emergency or licensed professional help for high-risk situations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Intent-Code Divergence

Medium (91% confidence)
Finding
The file explicitly says the coach should not diagnose or treat mental health, yet the escalation copy states that a user's symptoms "sounds like depression," which crosses into quasi-diagnostic language. In a mental-health-adjacent coaching skill, users may interpret this as a clinical assessment from the system and rely on it instead of seeking appropriate evaluation, especially because the surrounding content is framed as authoritative training guidance.

Natural-Language Policy Violations

Medium (89% confidence)
Finding
The framework defaults to Buddhist-informed language and concepts throughout the coaching flow without requiring explicit user consent or offering a neutral alternative. In a coaching context, this can create covert worldview shaping, alienate vulnerable users, and undermine informed consent, especially when users may interpret the guidance as authoritative emotional support rather than optional spiritual framing.

Missing User Warnings

Medium (97% confidence)
Finding
The crisis escalation section uses placeholder text such as '[Local crisis line]' instead of concrete emergency guidance, which can fail users during time-sensitive mental health crises. In a coaching skill that explicitly contemplates suicidal ideation, self-harm, psychosis, and abuse, vague referral content may delay access to lifesaving support and give a false impression that adequate safeguards are present.

Natural-Language Policy Violations

Medium (87% confidence)
Finding
The crisis template hard-codes US-specific resources like 988 and 741741 while also gesturing vaguely to a local crisis line, without first determining the user's country or region. In safety-critical situations, presenting incorrect or nonfunctional crisis contacts can delay help, confuse users outside the US, and create a false sense that the agent has provided actionable emergency guidance.

Missing User Warnings

Medium (96% confidence)
Finding
The skill tells users that what they share is "confidential within this platform" while also collecting highly sensitive mental-health, burnout, crisis, and spiritual assessment data. That assurance is overbroad and potentially misleading because the file does not clearly explain privacy limits, retention, access, model processing, incident handling, or when data may be visible to operators or used for system improvement.

Missing User Warnings

Medium (92% confidence)
Finding
The file includes 'emergency' and high-stress intervention prompts that may be used during panic, crisis, or acute mental-health episodes, but it does not warn users that this content is not a substitute for emergency, medical, or mental-health care. In a coaching skill, users may over-rely on these prompts and delay seeking urgent help, especially because the language is soothing and authoritative in moments of distress.

Missing User Warnings

Medium (95% confidence)
Finding
This file contains emotionally evocative coaching content that explicitly guides users into anxiety, anger, sadness, grief, triggers, and 'old wounds,' but it does not include clear safety boundaries, crisis guidance, or instructions to pause and seek licensed professional support if distress escalates. In a self-guided AI coaching context, users may over-engage with destabilizing exercises, misapply them as substitutes for care, or continue despite worsening symptoms, increasing the risk of harm for vulnerable users.

Missing User Warnings

Medium (90% confidence)
Finding
The README describes collection of sensitive wellness, burnout, and spiritual-orientation assessment data, but does not present a clear, prominent warning at the point of collection about what data is gathered, how it is used, retention limits, and associated privacy risks. In a mental-wellness coaching context, users may disclose highly sensitive personal information, so vague or buried privacy language can lead to uninformed consent and inappropriate handling of sensitive data.

VirusTotal

66/66 vendors flagged this skill as clean.
