Intp Coach

Security checks across malware telemetry and agentic risk

Overview

This is a coaching-only skill with no executable code, but it tells the agent to keep personal growth records without clear consent, retention, or deletion controls.

Review before installing. Use it only if you are comfortable with coaching-memory style records about your goals, problems, insights, and follow-through. Avoid sharing highly sensitive mental-health, medical, financial, or private relationship information unless your OpenClaw environment gives you clear controls to disable, inspect, edit, and delete saved records.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (11)

Description-Behavior Mismatch

Medium

Confidence: 91% confidence
Finding: The README examples broaden activation beyond the manifest’s stated requirement that the user explicitly identify as INTP. In a coaching/psychology-adjacent skill, looser triggering can cause the agent to infer personality type and deliver tailored behavioral guidance to users who did not opt into that framing, increasing the risk of inappropriate advice and unexpected collection of sensitive self-reflection data.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: Describing invocation as 'automatic recognition' without concrete boundaries creates prompt-scope ambiguity and can lead to overbroad activation. In this context, that means the skill may engage in quasi-psychological coaching when users did not request it, which can mis-handle intent and expose personal context during sensitive conversations.

Vague Triggers

Medium

Confidence: 94% confidence
Finding: Marking growth-record persistence as 'automatic execution' without constraints is a real privacy and safety issue because it implies silent storage of user conversations and action history. For a personal coaching skill, those records may contain sensitive mental-health, career, and behavioral information, so undocumented auto-saving materially raises data retention and consent risk.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The README explicitly states that conversations and action history are saved, but it does not warn users about retention, privacy implications, or how their data will be handled. Because the skill solicits introspective personal information, the absence of user-facing retention notice can lead to non-consensual storage of sensitive content and downstream misuse or overexposure.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill states it will save growth records and preserve conversation/action history, but it does not clearly warn users that sensitive personal disclosures may be retained. In a coaching context, users may reveal mental state, career uncertainty, habits, and behavioral patterns, so undisclosed retention creates privacy and trust risk.

Missing User Warnings

Medium

Confidence: 98% confidence
Finding: This section describes detailed user profile recording including core problems, interests, actions, and insights, which can amount to sensitive behavioral profiling. Without clear disclosure and consent, the skill encourages collection beyond what a user reasonably expects from a conversational coaching interaction.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The instructions make profile recording mandatory, but there is no accompanying user-facing warning that memory or storage is happening. Mandatory hidden persistence is dangerous because it normalizes collecting sensitive self-improvement and emotional data without informed user choice.

Missing User Warnings

Medium

Confidence: 98% confidence
Finding: The conversation-end archive directs the agent to store user problems, insights, action plans, and later execution results without a clear privacy disclosure. End-of-session archiving is especially risky because users may assume the conversation is ending, not being persisted for future profiling and recall.

Natural-Language Policy Violations

Medium

Confidence: 89% confidence
Finding: The reference file is entirely written in Chinese and framed as internal guidance for the skill, which can bias the assistant toward responding in Chinese even when the user has not requested that language. This is not a code-execution or data-exfiltration issue, but it can cause unwanted language coercion, reduced usability, and possible mishandling of user intent in multilingual contexts.

Ssd 3

Medium

Confidence: 96% confidence
Finding: Persistent collection and reuse of personal conversation details without minimization or consent gating creates a broader data-handling vulnerability than a single missing notice. In this coaching skill, retained patterns about motivation, indecision, interests, and follow-through could reveal sensitive personal traits and be exposed or misused later.

Ssd 3

Medium

Confidence: 95% confidence
Finding: The skill instructs the agent to archive detailed disclosures and behavioral history for later recall, which increases the privacy impact through accumulation over time. Repeated storage of longitudinal behavior patterns can create an unexpectedly rich profile of the user's mental habits, interests, and vulnerabilities.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal