INTJ Coach

Security checks across malware telemetry and agentic risk

Overview

This INTJ coaching skill saves local user coaching notes and reminders, but that behavior is disclosed and fits its coaching/accountability purpose.

Install only if users are comfortable with local coaching records being saved under ~/.openclaw/workspace/memory/intj-users. Before enabling it broadly, decide who can access those files, how long they are kept, how deletion requests are handled, and whether proactive reminders require explicit opt-in.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (42)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill directs the agent to create and update files under ~/.openclaw/workspace/memory/intj-users but does not declare that storage capability up front. Undeclared file-write behavior undermines least-privilege review and makes the skill capable of persisting user data without clear permission gating.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The manifest presents this as a conversational INTJ coaching skill, but the body requires persistent user profiling, session logging, action tracking, and record initialization. That mismatch can mislead users and reviewers into authorizing a coaching tool that also acts as a personal data collection and retention system.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The README documents automatic per-user profile creation, history loading, conversation saving, and proactive action tracking, which materially expands behavior beyond simple on-demand coaching. This creates a privacy and scope-expansion risk because sensitive personal coaching data may be retained and reused without clear consent boundaries or data-minimization controls.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The heartbeat workflow directs scanning all user archives and sending unsolicited reminders based on stored action history, which goes beyond the documented trigger conditions tied to active user requests. This is dangerous because it enables cross-user background processing and unsolicited outreach using sensitive behavioral data without an explicit per-user authorization model.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The skill expands from transient coaching into persistent profiling across sessions, including personal details, historical decisions, and action logs. This is a meaningful scope increase because it changes the trust and privacy model from chat assistance to longitudinal behavioral tracking.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The scheduled weekly reminders and monthly reviews turn the skill into a proactive outreach and monitoring system rather than a passive coaching assistant. This broader operational behavior increases privacy and consent risk because the agent may initiate contact based on stored records without an explicit opt-in workflow.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The skill derives or requests platform-specific user IDs to maintain cross-session records, which creates linkable persistent identities beyond the immediate coaching exchange. Even if intended for continuity, collecting stable identifiers raises tracking and privacy concerns that are not strictly necessary for a one-off advice interaction.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The report explicitly endorses creating, loading, and automatically appending persistent user profiles and history for a coaching skill, which expands the skill from transient guidance into ongoing personal data retention. For a personality/coaching context, this can accumulate sensitive behavioral, career, and emotional information without demonstrating strict necessity, minimization, retention limits, or consent controls.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The document describes persistent storage and recall of user conversation/profile data as a core capability, but the stated purpose is INTJ coaching rather than long-term recordkeeping. That mismatch creates a scope-expansion/privacy risk because users may disclose intimate self-assessment and career concerns that are then retained beyond what is needed for a single session.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The change log introduces persistent per-user profile loading from local storage, which is a materially different capability from the manifest's stated coaching-only behavior. This hidden statefulness can surprise users and operators, expand the data-handling surface, and enable unauthorized retention or reuse of sensitive coaching disclosures.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
Requiring writes to session, action, and profile files after every conversation creates systematic retention of potentially sensitive personal and career information beyond the declared scope of the skill. Persistent storage on each interaction increases privacy risk, breach impact, and the chance of misuse if filesystem access controls or deletion workflows are weak.

Intent-Code Divergence

Low
Confidence
88% confidence
Finding
The privacy notice claims the archive belongs only to the user's user_id, but the described implementation merely names files by user_id-derived paths and does not establish exclusivity, isolation, or access control. This can mislead users into overtrusting confidentiality guarantees that the skill does not actually enforce.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The example explicitly instructs saving coaching session details, personal traits, and next actions into per-user markdown files, introducing persistent storage of user data beyond the stated coaching/advice function. That creates a real privacy and scope-expansion risk because sensitive behavioral data is retained without disclosure, minimization, or consent guidance.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The example expands a coaching skill into persistent per-user session and action logging, which is a material capability beyond the stated coaching-only description. This creates an undocumented data-retention surface where sensitive personal reflections, emotions, and inferred motivations may be stored and later accessed, reused, or leaked.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
Saving coaching session summaries and action plans to user-specific files is not clearly necessary for the declared purpose and risks over-collection of sensitive behavioral data. In a coaching context, users may disclose fears, career doubts, and emotional states, making unjustified persistence more dangerous than ordinary note-taking.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrases are broad and overlap with normal conversation, such as generic requests for advice, which increases the chance of accidental activation. In this skill, mis-triggering is more dangerous because activation can lead to profile creation, persistent storage, and follow-up tracking for users who did not intentionally invoke the coaching system.

Missing User Warnings

High
Confidence
98% confidence
Finding
The documentation says the skill will automatically save conversations and proactively track users, but it does not specify clear notice, consent, or controls around those data practices. Because coaching interactions often include sensitive personal, career, and emotional information, silent retention and reminders can materially harm privacy and user trust.

Vague Triggers

High
Confidence
89% confidence
Finding
The trigger terms include broad phrases like 迷茫, 卡住了, 给我建议, and 咋办, which are common in ordinary conversation and could invoke the skill unintentionally. Because this skill also stores persistent records and may initiate follow-ups, accidental activation has higher-than-normal consequences.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill stores conversation history, action records, and profile data, but the main description does not consistently foreground that retention before use. Users may disclose sensitive career, emotional, or personal information without realizing it will be persisted across sessions.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The weekly proactive messaging behavior is based on stored user records, yet the skill does not define a strong user-facing opt-in for future contact in its primary description. Unsolicited reminders tied to personal coaching data can surprise users and create both privacy and trust issues.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The workflow mandates automatic profile creation and ongoing storage of conversation data, but the disclosure is limited to a first-conversation privacy note and does not adequately cover continued retention. Users may reasonably assume a coaching interaction is ephemeral and disclose sensitive details without understanding that all future sessions are logged.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The notes explicitly state that the skill did not disclose that conversation records may be saved. In a coaching context, users may share sensitive career, psychological, or personal information; failing to provide timely retention and privacy notice can undermine informed consent and create privacy/compliance risk if data is stored or later accessed unexpectedly.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The prompt describes emotion-sensitive coaching behavior and possible inference of whether the user is an INTJ, but it does not require a clear disclosure or consent step before engaging in personality-based guidance. This can lead to unannounced profiling and coaching in a vulnerable emotional context, which increases the risk of inappropriate influence or user confusion about what the system is doing.

Natural-Language Policy Violations

Medium
Confidence
80% confidence
Finding
The skill content is written to operate in Chinese without indicating that the user can choose another language or opt in to Chinese-language interaction. While not typically severe on its own, forced language behavior can reduce user comprehension, obscure disclosures or safety messaging, and create consent/usability issues if the user is more comfortable in another language.

Natural-Language Policy Violations

Medium
Confidence
90% confidence
Finding
The sample response asserts an INTJ-specific coach identity and offers INTJ-tailored guidance even though the stated preconditions say the user's MBTI type is unknown. This can misclassify the user, create unwarranted authority or personalization, and steer vulnerable users toward advice based on an unverified label.

VirusTotal

67/67 vendors flagged this skill as clean.
