Flirt Coach Skill

Security checks across malware telemetry and agentic risk

Overview

The flirting-coach instructions are low-risk, but a bundled publish script can release the skill under a different ReplyHer listing.

Review is recommended before installing or reusing this package. The coaching prompt itself is ordinary, but do not run publish.sh unless you intend to commit, push, and publish to the ReplyHer ClawHub slug; maintainers should fix the slug and README naming mismatch first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The publish script is hardcoded to publish a different skill identity (`--slug replyher`) and references a different repository/ClawHub URL than the declared `flirting-coach` skill. This creates a real supply-chain and release integrity issue: maintainers may unintentionally push this skill's contents into another skill listing, overwrite the wrong package, or ship mismatched code under an incorrect identity.

VirusTotal

57/57 vendors flagged this skill as clean.
