Back to skill

Security audit

MBTI Coach — Personality Development System

Security checks across malware telemetry and agentic risk

Overview

This MBTI coaching skill is coherent, but its calendar integration and profile storage handle sensitive data and credentials with weak disclosure and controls.

Install only if you are comfortable reviewing or patching the Feishu calendar script first. Avoid the token command, use least-privilege Feishu/Lark credentials, confirm each calendar write, keep data/profile.json private, and treat the README privacy statement as incomplete because calendar events may leave the local machine.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The script explicitly documents a `token` command for debugging that returns the raw Feishu tenant access token. Printing bearer tokens to stdout is dangerous because they can be captured by terminal logs, shell history wrappers, CI logs, or other tooling and then reused to access Feishu APIs as the tenant.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The README advertises very broad trigger phrases, including common terms like "MBTI" and generic phrases such as "安排日程", without describing any scoping or confirmation requirements. In an agent environment, overly broad activation can cause unintended invocation of the skill, which may lead to unexpected collection of sensitive personal data or unintended calendar-related actions based on ordinary conversation.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README promotes Feishu/Lark calendar integration and personalized scheduling but does not clearly disclose that user prompts, schedules, or profile-derived data may be transmitted to a third-party service when that integration is used. This omission can cause users to expose sensitive personal-development or behavioral data without informed consent, especially given the skill's focus on personality profiling and routine planning.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger phrases are broad enough to match common conversation such as 'personality coach' or 'I want to become', which can cause the skill to activate outside clearly intended contexts. In a skill that collects and stores sensitive personality-profile data, accidental invocation increases privacy risk and can lead users into sharing personal information without informed intent.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill directs the agent to read and save detailed personality and behavioral data to data/profile.json, including historical traits, stress signals, and coaching progress, without a clear user-facing notice or consent flow for persistence. This creates a genuine privacy vulnerability because sensitive psychological-profile data may be stored unexpectedly and retained across sessions.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The calendar integration sends event data to Feishu/Lark using external credentials, but the skill does not require a user-facing warning that scheduling details will be transmitted to a third-party service. Because the scheduled items may reveal personal development goals or inferred personality information, this creates a meaningful external data-sharing risk.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
`cmd_token()` directly calls `_get_token`, causing the bearer token to be emitted with no warning or masking. In an agent or automation context, stdout is often persisted, making secret exposure more dangerous than in an interactive one-off shell session.

Credential Access

High
Category
Privilege Escalation
Content
# 3. skill 目录下的 .env
  local skill_dir
  skill_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
  local env_file="$skill_dir/.env"
  if [[ -f "$env_file" ]]; then
    # shellcheck disable=SC1090
    source "$env_file"
Confidence
91% confidence
Finding
.env"

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.