founder-coach

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local startup-coaching skill, but it needs review because it can read private PhoenixClaw journals and conversation context and persist sensitive coaching observations without clear opt-in controls.

Install only if you are comfortable with a coaching skill reading PhoenixClaw journal/profile data and saving founder profile and weekly report files locally. Before use, confirm whether PhoenixClaw integration and cron reports are enabled, which files it may read or modify, and how to review, edit, disable, or delete stored coaching observations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (15)

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The skill claims PhoenixClaw integration is read-only, but also states weekly reports can add a 'Coaching Insights' section to PhoenixClaw journals. That contradiction can mislead users and reviewers about actual write behavior, weakening consent and trust boundaries around another system's data.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The onboarding flow instructs the skill to write founder data into a hard-coded external path under `~/PhoenixClaw/Startup/`, which exceeds the minimal storage needed for a coaching skill and creates an unexpected cross-workspace data sink. This is dangerous because sensitive business context, goals, and personal coaching data may be persisted into an unrelated local knowledge base without clear necessity, user awareness, or path validation.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
Requiring modification of a specific Obsidian-compatible profile file grants the skill unnecessary access to a user-maintained notes/workspace system unrelated to mindset coaching. That broadens the blast radius of the skill, risks contaminating unrelated files with sensitive startup information, and can violate user expectations about what the skill is allowed to modify.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The guide instructs the skill to aggregate data from outside its own stated domain, including another skill's journal files and recent conversations. This creates a scope-expansion and privacy risk because the skill may access or synthesize sensitive data the user did not explicitly authorize for weekly coaching reports.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
Reading `skills/phoenixclaw/Journal/daily/YYYY-MM-DD.md` is unjustified by the founder-coach skill's declared purpose and crosses a skill boundary without clear authorization. Cross-skill access increases the chance of unintended data exposure, especially if journals contain unrelated sensitive personal or business information.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill creates and continuously updates persistent files containing user coaching history, anti-pattern observations, and weekly reports, but does not clearly warn the user about storage, retention, or visibility. This creates a privacy risk because sensitive behavioral inferences are being recorded outside the immediate chat context without explicit informed consent.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill is instructed to read PhoenixClaw journals and memory, which may contain highly personal or sensitive information, without a clear privacy notice or user opt-in. Accessing adjacent application data for coaching enrichment expands data scope and can expose information the user did not intend to share in this interaction.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The onboarding process collects sensitive founder and startup information, then writes it to local files without any explicit warning, consent, or retention notice. This is dangerous because users may disclose confidential business data under the assumption of a transient coaching conversation, not realizing it will be stored on disk in multiple locations.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The integration guide instructs the skill to read highly sensitive personal journal, profile, and growth-pattern data as a primary context source, but it does not require explicit user consent or a clear notice before access. In a coaching skill, this creates a real privacy risk because the agent may ingest intimate behavioral and emotional data without the user understanding when or how that data is being used.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs the agent to create and populate a persistent configuration file under the user's home directory during onboarding, but it does not require clear disclosure, consent, or a confirmation step before writing. This can cause unintended persistence of user-provided profile data and normalizes filesystem modification as part of a conversational flow, which is risky in an agent context.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The file states that on Sunday or Monday the coach prompts a reflection, which introduces proactive periodic engagement despite earlier language saying challenges are user-initiated only. In a coaching context this is a low-severity consent and expectation issue: users may receive nudges they did not explicitly opt into, creating mild privacy, autonomy, or annoyance concerns rather than direct compromise.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The manual trigger phrases are overly broad and likely to match normal conversation such as casual requests for reflection or summaries. This can cause the skill to activate unexpectedly and generate reports using aggregated personal data without a sufficiently clear, intentional user action.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
Using recent conversations as a report data source without a user-facing warning undermines transparency and informed consent. Conversation logs often contain sensitive contextual details that the user may not expect to be mined and summarized into a persistent coaching artifact.

Ssd 3

Medium
Confidence
96% confidence
Finding
The skill combines reading PhoenixClaw journals/memory with generating coaching artifacts, creating a path for sensitive data to be copied, summarized, or retained in new files. This increases exposure and retention of personal information beyond the original data source, especially because the artifacts may contain derived inferences about the user.

Ssd 3

Medium
Confidence
98% confidence
Finding
The profile system directs the skill to continuously record anti-patterns, progress, and other sensitive observations about the user's behavior in persistent files. These are effectively psychological or performance inferences, and storing them long-term raises privacy, profiling, and unintended disclosure risks if the files are later accessed by others or repurposed.

VirusTotal

60/60 vendors flagged this skill as clean.
