ClawHub

Relationship Coach Skill

Security checks across malware telemetry and agentic risk

Overview

The coaching skill itself is prompt-only, but a bundled publish script is mis-scoped and would publish to a different ReplyHer skill if a maintainer ran it.

Read this as a prompt-only relationship coaching skill, but do not run publish.sh unless you intentionally want to push the repository and publish to the hardcoded replyher destination. The publisher should fix or remove that script so the publish target matches the skill slug before users or maintainers rely on it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The publish script is embedded in a skill identified as 'couple-coach', but it hardcodes a different destination identity: '--slug replyher' and repository URLs for 'replyher'. This can cause releases from this project to be pushed to the wrong skill/repository, leading to accidental overwrite, supply-chain confusion, or unauthorized publication of unrelated content under another skill identity.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The script comments and success output imply it publishes 'this project', but the actual publish command and printed URLs point to a different skill. This mismatch is dangerous because it misleads maintainers into believing they are releasing couple-coach while actually shipping to another destination, increasing the risk of cross-project tampering, mistaken releases, and integrity loss in the publication pipeline.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal