ISTP Coach

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable coaching skill, but it mixes ISTP and INTP guidance and tells the agent to keep personal coaching records without clear consent or deletion controls.

Review carefully before installing. Use this only if you are comfortable with the agent keeping an ongoing coaching profile, and avoid sharing sensitive mental-health, relationship, identity, or workplace details unless the platform gives clear controls to inspect, disable, and delete saved memory. Also expect possible ISTP/INTP mismatched advice until the package documentation and references are corrected.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (17)

Description-Behavior Mismatch

High (97% confidence)
Finding
The README consistently documents an INTP coaching skill, while the manifest metadata declares an ISTP coaching skill. This mismatch can cause users or downstream systems to invoke the skill under false assumptions, leading to inappropriate psychological guidance, broken routing, and trust failures; in a personality-targeted coaching context, giving the wrong framework is materially risky because the entire advice model is keyed to the declared user type.

Description-Behavior Mismatch

Medium (93% confidence)
Finding
The skill is presented as a coaching tool, but it adds a persistent user-profile and conversation-history feature that changes the data-handling risk profile materially. Collecting and retaining users' problems, interests, actions, and patterns can expose sensitive behavioral and emotional information if reused, surfaced unexpectedly, or accessed by others.

Description-Behavior Mismatch

High (99% confidence)
Finding
The reference file is explicitly written for INTP users, while the skill metadata declares an ISTP coaching purpose. This mismatch can cause the agent to deliver systematically incorrect personality guidance, which is especially risky in self-help or emotional coaching contexts because users may rely on advice tailored to the wrong behavioral profile.

Intent-Code Divergence

High (98% confidence)
Finding
The documentation repeatedly labels the material as INTP-specific, reinforcing that the deployed skill content does not match its declared ISTP purpose. In a coaching skill, this increases the likelihood of misleading users at scale, producing inappropriate recommendations for relationships, career, or emotional development.

Intent-Code Divergence

Medium (98% confidence)
Finding
The document claims to provide ISTP guidance but lists a mismatched cognitive-function stack and supporting rationale associated with a different personality type. In a coaching skill, this can systematically misclassify user traits and drive inappropriate advice, reducing reliability and potentially causing harmful guidance in emotional, social, or career contexts.

Intent-Code Divergence

Low (89% confidence)
Finding
The metadata points to `intp-coach` inside an `istp-coach` reference file, indicating likely content mix-up or copy/paste contamination between skills. While not directly exploitable as code execution, it increases the risk that the wrong reference material is loaded, maintained, or trusted, which can propagate incorrect coaching behavior.

Vague Triggers

Medium (84% confidence)
Finding
The README says mode selection is 'automatic' and that growth-record behavior may be 'automatically executed' without defining clear activation rules, consent boundaries, or user-visible triggers. In an agent skill, ambiguous autonomous behavior increases the chance of unintended actions, surprising data handling, and prompt-routing mistakes, especially in a sensitive coaching setting where users may disclose personal information.

Missing User Warnings

Medium (90% confidence)
Finding
The document advertises saving conversations and action records but does not clearly explain what data is stored, for how long, where it is kept, who can access it, or how users can opt out/delete it. Because this is a coaching skill likely to capture sensitive emotional and behavioral information, under-disclosed persistence creates privacy and compliance risk and may expose users to unintended retention of highly personal data.

Vague Triggers

Medium (81% confidence)
Finding
The trigger scope is broad enough to capture generic distress statements like feeling bad, tired, or annoyed, which can cause unintended invocation in situations outside the intended MBTI-coaching context. In a mental-health-adjacent skill, accidental activation increases the chance of collecting sensitive disclosures or steering vulnerable users into an unsuitable persona or workflow.

Missing User Warnings

Medium (95% confidence)
Finding
The skill states that it saves conversation history and action records, but it does not present a clear privacy notice or ask for consent before doing so. Because the content involves relationships, motivation, and personal struggles, silent retention creates meaningful privacy and trust risk.

Missing User Warnings

Medium (96% confidence)
Finding
The 'growth record/user profile' section explicitly describes archiving personal problems, interests, action history, and behavioral patterns without an accompanying consent and retention boundary. This is dangerous because it normalizes longitudinal profiling of sensitive self-disclosures in a context where users may not expect durable storage.

Missing User Warnings

Medium (95% confidence)
Finding
The end-of-conversation workflow instructs the system to archive the user's problem, insights, plan, and results automatically, again without a clear warning to the user. End-of-session automatic storage is especially risky because users may interpret closing statements as harmless while the system silently retains sensitive summaries.

Ssd 3

Medium (94% confidence)
Finding
Instructing the agent to preserve and reuse detailed user information across sessions creates a natural-language data-retention risk even without code-level exfiltration. Prior disclosures about emotional state, relationships, and personal goals can later be surfaced in the wrong context or exposed through unintended recall.

Ssd 3

Medium (91% confidence)
Finding
The repeated instruction to record user profiles, insights, and action history encourages broad collection of sensitive personal material without clear boundaries. This increases the chance of over-collection and later disclosure of intimate or psychologically sensitive information.

Ssd 3

Medium (96% confidence)
Finding
The user-profile feature creates an ongoing repository of personal problems, interests, actions, and inferred patterns, which is effectively a sensitive behavioral dossier. In a coaching context, those records can reveal vulnerabilities, habits, and emotional issues that users may not realize are being accumulated over time.

Ssd 3

Medium (92% confidence)
Finding
Mandating recording of user archives for future recall expands the attack surface for natural-language leakage because old sensitive disclosures may be reintroduced unexpectedly in later chats. This is particularly problematic when the subject matter includes personal growth obstacles, relationship issues, and execution failures.

Ssd 3

Medium (96% confidence)
Finding
The end-of-conversation archive step semantically instructs retention of the user's problem, insights, plan, and outcomes, all of which can be highly personal. This creates a clear privacy risk because sensitive disclosures are transformed into durable summaries that may later be retrieved, leaked, or misused.

VirusTotal

66/66 vendors flagged this skill as clean.
