Istj Coach

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only coaching skill, but it needs Review because its ISTJ and INTP materials conflict and it tells the agent to keep personal coaching records without clear user control.

Review before installing. Use only if you are comfortable with an agent remembering personal coaching details across sessions, and avoid sharing sensitive mental-health, career, relationship, or identity information unless you explicitly want it retained. The publisher should align the ISTJ/INTP materials and make profile saving opt-in with clear review, deletion, and retention controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (14)

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The README describes and exemplifies an INTP-focused coaching skill while the manifest declares an ISTJ-specific skill. This specification drift can cause the agent to be invoked for the wrong user population or to deliver mismatched guidance, undermining safety boundaries and making downstream routing and trust decisions unreliable.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The documented behavior, prompts, and coaching logic are targeted at INTP users rather than the manifest-declared ISTJ audience. In a skill-routing context, that mismatch can lead to erroneous activation and psychologically inappropriate advice, especially when the skill claims personality-specific guidance.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The manifest claims an ISTJ coaching skill, but the description, keywords, and tags reference INTP instead. This inconsistency can cause the wrong skill to trigger or be selected for users, leading to misleading psychological guidance and degraded trust. In a coaching/personality context, mismatched persona metadata is especially risky because advice is tailored to self-identified traits.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The reference file is entirely about INTP coaching while the skill metadata declares an ISTJ-only coaching skill. This creates a scope-integrity failure: the agent may deliver advice optimized for the wrong personality type, causing systematically misaligned guidance in growth, career, or learning contexts. In a coaching skill, this mismatch is more dangerous than a generic documentation typo because users may rely on the advice for real decisions.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The file explicitly labels itself as 'INTP Coach' reference material, directly contradicting the declared ISTJ-only purpose. This is strong evidence that the skill may be assembled from the wrong persona corpus, increasing the likelihood of persistent behavioral drift rather than an isolated wording mistake. Because the contradiction appears in the documentation footer and strategy sections, it undermines trust in the skill's configuration and can mislead both users and maintainers.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
This reference document is labeled as ISTJ guidance, but the cognitive-function stack and repeated descriptions clearly align with a different MBTI profile, including references to Ti-Ne loops and a mismatched file path (`intp-coach`). In a coaching skill, this can systematically misclassify users and deliver incorrect psychological guidance, undermining user trust and potentially causing harmful or inappropriate advice.

Vague Triggers

Medium
Confidence
87% confidence
Finding
Using 'automatic recognition' without precise activation and exclusion rules creates ambiguous trigger boundaries. That increases the chance of accidental invocation in unrelated conversations, causing unsolicited personality coaching or misclassification-driven responses.

Missing User Warnings

High
Confidence
97% confidence
Finding
The README states that the skill saves conversations, actions, growth records, and user profiles, but it provides no notice about storage, consent, retention, access controls, or deletion. Because the content involves personal psychological and behavioral data, silent persistence materially increases privacy and compliance risk.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill instructs the agent to maintain a '成长记录/用户档案' (growth record / user profile) and reuse it later, but does not clearly tell users their personal reflections, problems, and actions may be stored. In a coaching context, this can capture sensitive behavioral and possibly mental-health-adjacent data, creating privacy and compliance risk if retained without clear notice and consent.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
Mandating that the agent record profile information and archive it at conversation end without an upfront privacy warning is a real data-handling weakness. Because the skill is framed as personal growth coaching, the archived information may reveal interests, struggles, habits, and decisions that users would reasonably expect to remain ephemeral unless told otherwise.

Ssd 3

Medium
Confidence
97% confidence
Finding
The instructions explicitly direct persistent profile logging of conversation details and action history for later recall. Persistent storage of intimate coaching conversations increases the blast radius of any future misuse, over-retention, or unauthorized access, especially because the stored material can include emotional state, goals, and behavioral patterns.

Ssd 3

Medium
Confidence
98% confidence
Finding
The skill tells the agent to record detailed user profile data including problems, interests, actions, and insights. In this context, those fields can collectively form a sensitive behavioral profile, enabling invasive tracking or unintended secondary use if the data persists beyond the session.

Ssd 3

Medium
Confidence
96% confidence
Finding
Requiring archives for future recall as a mandatory behavior creates an unnecessary persistence obligation. Even without obviously malicious intent, mandatory retention of coaching data increases privacy risk and may conflict with user expectations that a conversational support interaction is transient.

Ssd 3

Medium
Confidence
97% confidence
Finding
The shutdown flow includes archiving key user information, insights, plans, and later execution results. This is dangerous because it normalizes systematic accumulation of personal coaching history without a visible privacy gate, which can expose sensitive longitudinal data about the user's behavior and decision-making.

VirusTotal

64/64 vendors flagged this skill as clean.
