ClawHub

Isfp Coach

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only coaching skill, but it mixes ISFP and INTP identities and tells the agent to keep personal coaching records without clear consent or deletion controls.

Review before installing. This skill has no code-level malware indicators and does not ask for system access, but it is not cleanly packaged: ISFP and INTP coaching material are mixed, and it may remember sensitive personal goals, struggles, actions, and insights without clear controls. Install only if you are comfortable with that ambiguity, or ask the maintainer to align the persona content and add explicit save, forget, and no-memory behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (14)

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The README documents an INTP-focused coaching skill while the manifest says the skill is for ISFP users. This mismatch can cause the wrong skill to be invoked, misleading users about scope and behavior, and can result in inappropriate guidance being delivered under false expectations. In a personality-targeted coaching context, incorrect targeting materially increases the chance of harmful or irrelevant advice.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill goes beyond transient coaching by instructing the agent to maintain persistent user profiles and archive prior actions. In a coaching context, this creates privacy and data-retention risk because users may disclose sensitive emotional, behavioral, and career information without explicit consent or clear storage limits.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The manifest metadata is inconsistent with the stated purpose of the skill: the skill is named and described as ISFP coaching, but the keywords and tags target INTP themes such as analysis paralysis. This can cause the wrong skill to be surfaced, selected, or trusted in automated routing systems, leading to mismatched guidance and weakening user trust and safety expectations.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The reference file is for INTP coaching while the skill metadata declares an ISFP coaching skill. This mismatch can cause the agent to deliver systematically wrong personality-specific guidance, undermining user trust and potentially causing harmful advice in emotionally sensitive coaching contexts. The coaching setting makes this more dangerous because users may rely on tailored self-improvement advice and not realize they are receiving content for a different profile.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The file is labeled as ISFP guidance, but the cognitive-function stack and behavioral descriptions repeatedly align with a different MBTI profile, creating a semantic integrity failure in the skill’s reference knowledge. In a coaching skill, this can systematically produce misleading advice to users seeking type-specific support, undermining trust and potentially causing poor self-assessment or inappropriate growth recommendations.

Intent-Code Divergence

Low
Confidence
90% confidence
Finding
The metadata at the bottom references a different skill directory (`intp-coach`) than the declared skill (`isfp-coach`), indicating copy-paste contamination or asset mix-up. While lower impact than the content mismatch, this increases the risk of the agent loading or maintaining the wrong reference material and is a strong indicator of weak configuration hygiene.

Vague Triggers

Medium
Confidence
90% confidence
Finding
Using 'automatic recognition' without explicit trigger conditions makes invocation boundaries ambiguous. That can cause the skill to activate on broad everyday statements, leading users to receive personality-specific coaching they did not intend to request, especially in sensitive self-help or mental-wellness conversations.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README states that conversations and actions are saved as 'growth records' or a user profile, but it does not clearly disclose retention, scope, purpose, or obtain explicit consent. Because this skill handles introspective and potentially sensitive personal information, silent or poorly disclosed persistence creates privacy and trust risks and may expose users to unauthorized data retention.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger wording is broad enough to catch general emotional-support statements such as feeling bad, tired, or upset. In context, that can cause the skill to engage in psychologically sensitive conversations outside its intended niche, increasing the chance of inappropriate advice, over-collection of personal data, and user confusion about the skill's role.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill describes saving conversation and action history but does not clearly notify users before collection begins. This is dangerous because users may share highly personal coaching details under the assumption of ephemeral chat, leading to uninformed consent and privacy violations.

Ssd 3

Medium
Confidence
97% confidence
Finding
The skill instructs the agent to persist and reuse detailed coaching information without privacy guardrails, minimization, or access controls. Because coaching conversations often include emotional state, goals, failures, and personal history, indefinite profile accumulation materially raises privacy and secondary-use risks.

Ssd 3

Medium
Confidence
96% confidence
Finding
Directing the agent to store sensitive personal coaching data for future recall creates a durable behavioral dossier on the user. In this context, the data is especially sensitive because it can reveal mental state, self-doubt patterns, work habits, and vulnerabilities over time.

Ssd 3

Medium
Confidence
98% confidence
Finding
The growth-record and archive sections tell the agent to accumulate detailed personal disclosures and behavioral history over time, which exceeds what is necessary for basic coaching. This increases the blast radius of any data exposure and makes profiling, misuse, or unintended future inferences more likely.

Ssd 3

Medium
Confidence
98% confidence
Finding
Making archival of user problems, insights, plans, and results mandatory at conversation end institutionalizes persistent collection of sensitive self-improvement data. In a coaching skill, this is particularly risky because it captures vulnerable disclosures and longitudinal behavior without any visible consent or minimization framework.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal