Back to skill

Security audit

Enfp Coach

Security checks across malware telemetry and agentic risk

Overview

This coaching skill does not run code or ask for credentials, but its ENFP/INTP identity is inconsistent and it tells the agent to keep personal growth records without clear consent or deletion controls.

Review before installing. Use this only if you are comfortable with a coaching skill that may ask the agent to remember sensitive personal growth details across sessions. Verify whether your ClawHub or agent setup lets you disable, inspect, or delete saved memory, and treat its ENFP advice cautiously because several packaged files still contain INTP guidance.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (16)

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The README describes an INTP-focused coaching skill while the manifest says the skill is for ENFP users only. This scope mismatch can cause the agent to activate under the wrong persona and deliver guidance outside its declared boundaries, undermining user trust, policy gating, and any safety assumptions tied to the manifest.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The documented behavior repeatedly targets INTP coaching rather than the declared ENFP coaching scope in metadata. In a skill-routing system, contradictory documentation can lead maintainers or downstream agents to deploy or invoke the skill for unintended users, creating unsafe misclassification and guidance drift.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The manifest says the skill should only trigger when the user explicitly identifies as ENFP, but the body instructs it to engage users with vague emotional statements and to offer itself even to non-ENFP users. This mismatch can cause the skill to activate outside its declared scope, leading to inappropriate personality-based guidance and collection of sensitive self-disclosures from users who did not intend to invoke this skill.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The documentation simultaneously says the skill should not trigger for non-ENFP users while later saying other types can still use it. Contradictory boundaries are a security and safety issue because they make runtime behavior unpredictable, weakening safeguards around when personality profiling, coaching logic, and data retention are applied.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The manifest metadata materially conflicts with the declared purpose of the skill: the name and trigger conditions target ENFP users, while keywords and tags target INTP. This can cause incorrect skill routing, misleading activation, and user misclassification, which is a security-relevant integrity issue because the wrong guidance may be surfaced to users under false assumptions.

Description-Behavior Mismatch

Low
Confidence
87% confidence
Finding
The repository URL appears unrelated to the declared coaching skill, which undermines provenance and makes it harder to verify the source, maintenance history, and intent of the package. In a skill ecosystem, mismatched provenance can hide repackaging, impersonation, or accidental linking to unrelated content, increasing supply-chain and trust risks.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The reference file is clearly written for INTP coaching while the skill metadata declares an ENFP coaching skill. This mismatch can cause the agent to apply the wrong behavioral framework, producing misleading guidance and breaking scope controls the orchestrator may rely on.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The file explicitly labels itself as 'INTP Coach' reference material, directly contradicting the declared ENFP skill identity. This increases the likelihood of systematic misrouting or incorrect coaching responses, especially if downstream systems trust the manifest for user-facing behavior.

Vague Triggers

Medium
Confidence
84% confidence
Finding
Describing activation as 'automatic recognition' without precise trigger and non-trigger boundaries creates ambiguous invocation behavior. In a coaching skill, that can cause unsolicited personality-based advice or activation on weak signals, especially harmful given the existing ENFP/INTP scope confusion.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README says the skill saves conversation and action records, but it does not clearly disclose retention, consent, access, or deletion behavior. Because coaching conversations may contain sensitive personal or mental-health-adjacent information, undocumented storage increases privacy and compliance risk.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill advertises a 'growth record' that saves conversations and actions for future sessions, but it does not pair this with a clear user-facing notice or consent step. Because the content includes career confusion, emotional state, habits, and personal reflections, silent retention creates privacy risk and unexpected cross-session profiling.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
This section requires recording user profile details, interests, action history, and insights, but provides no retention warning, consent mechanism, or data minimization limits. Such content can be sensitive behavioral and psychological data, so storing it without transparency materially increases privacy exposure.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The end-of-conversation workflow instructs the agent to archive key user information after the user signals completion, but the exit script never informs the user that their data will be persisted. Archiving at the moment of closure is especially problematic because users may reasonably believe the conversation is ending, not that a profile is being updated behind the scenes.

Ssd 3

Medium
Confidence
98% confidence
Finding
The skill directs the agent to persist and reuse detailed conversation history in a user profile across sessions without clear limits or consent boundaries. Cross-session memory of personal struggles and behavior patterns increases the risk of overcollection, accidental disclosure, and profiling beyond what the user expects from a coaching interaction.

Ssd 3

Medium
Confidence
97% confidence
Finding
Repeated instructions to record users' problems, interests, actions, and insights normalize broad behavioral tracking without specifying necessity, scope, or user control. In a coaching context, this can accumulate a rich profile of vulnerabilities and habits that could be misused or exposed if retained improperly.

Ssd 3

Medium
Confidence
98% confidence
Finding
The 'growth record' and archive workflow call for retaining behavioral history, interests, plans, execution results, and 'aha' moments for later use. This is a broad persistence design for sensitive self-development data, and without consent, minimization, and retention controls it creates a meaningful privacy and profiling vulnerability.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.