Back to skill

Security audit

Esfp Coach

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable coaching skill, but it mixes ESFP and INTP content and tells the agent to save personal coaching records without clear consent controls.

Review before installing. Use only for informal MBTI-style coaching, not mental-health or high-stakes decisions. If you install it, tell the agent not to save profile or growth records unless you explicitly approve, and avoid sharing sensitive personal, workplace, relationship, financial, or health details until the publisher fixes the ESFP/INTP content mismatch and adds clear memory controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (19)

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The README describes an INTP-focused coaching skill, while the manifest says the skill is for ESFP users. This documentation-to-manifest mismatch can cause the wrong skill behavior to be installed, invoked, or trusted by users and integrators, creating a serious integrity and safety issue in a psychologically oriented coaching context.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The documented behavior repeatedly targets INTP-specific traits, advice, and cognitive-function framing instead of the ESFP-specific guidance declared in the metadata. In a coaching skill, this can mislead users into following advice for the wrong personality profile, undermining trust and potentially causing harmful or inappropriate guidance.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The manifest metadata materially conflicts with the stated purpose of the skill: it advertises INTP-focused coaching keywords and tags while the skill is presented as an ESFP coach. This kind of identity mismatch can mislead users, reviewers, and automated tooling, and it may conceal incorrect behavior, prompt routing, or a swapped/repackaged skill.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The repository URL points to an apparently unrelated project, which breaks provenance and makes it difficult to verify the source, maintenance history, and integrity of the skill. In a supply-chain context, incorrect or misleading repository metadata can hide ownership issues, frustrate auditing, and increase the risk of users trusting a package whose origin they cannot validate.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The reference content is internally inconsistent with the stated ESFP cognitive stack and repeatedly describes traits associated with a different personality profile (e.g., Ti/Ne loop, Fe weakness, social depletion). In a coaching skill, this can systematically misclassify user behavior and generate misleading guidance, reducing trust and potentially causing harmful advice for emotional, behavioral, or planning issues.

Intent-Code Divergence

Low
Confidence
91% confidence
Finding
The embedded path metadata points to a different skill directory, suggesting the file was copied from another skill without proper adaptation. This increases the likelihood of cross-skill content contamination and supports the observed type mismatch, which can propagate incorrect internal guidance.

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The reference file is entirely focused on INTP coaching while the skill metadata declares an ESFP coaching purpose. This mismatch can cause the agent to deliver systematically wrong personality-specific guidance, undermining user trust and potentially producing harmful advice for users seeking support on impulsivity, planning, or emotional regulation. In this context, the skill is specifically supposed to tailor coaching to ESFP users, so type-confused reference material is more dangerous than a generic documentation error.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The file explicitly labels itself as 'INTP Coach' reference material near the strategy section and footer, directly contradicting the declared ESFP skill intent. This is strong evidence that the wrong coaching corpus was copied or attached, increasing the likelihood that downstream prompts or retrieval will apply incompatible reasoning patterns to the wrong users. Given this is a coaching skill, incorrect persona conditioning can materially degrade safety and appropriateness of responses.

Vague Triggers

Medium
Confidence
87% confidence
Finding
Using 'automatic recognition' as the activation method without clear boundaries or exclusion criteria makes it ambiguous when the skill should engage. This can cause unintended triggering in unrelated conversations, especially in a coaching setting where advice style and persistence may affect user decisions or sensitive disclosures.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README states that the skill will save conversations and actions automatically, but it does not provide a clear notice about data retention, consent, storage scope, or user control. In a coaching context, users may share sensitive personal or psychological information, so silent persistence increases privacy and trust risks.

Vague Triggers

High
Confidence
94% confidence
Finding
This section explicitly instructs the skill to engage on very generic statements like 'recently in a bad mood' or 'a bit annoyed' before establishing that the request fits the ESFP coaching domain. That broadens activation into general emotional-support territory and can cause inappropriate interception of sensitive conversations that should be routed elsewhere or handled with stronger safeguards.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill advertises 'growth record' functionality that saves conversations and actions for future use, but it does not pair this with a clear privacy disclosure, retention notice, or consent mechanism. Because the skill deals with personal struggles, goals, and patterns, silent persistence increases the risk of collecting sensitive behavioral data without informed user awareness.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
This section specifies ongoing storage of core problems, interests, action history, and 'aha moments,' all of which can reveal sensitive personal and psychological patterns. The absence of consent, retention limits, and minimization guidance makes the collection materially risky, especially in a coaching context where users may disclose intimate struggles.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The end-of-conversation workflow mandates archiving user information after the session without notifying the user or obtaining acknowledgment. Post-session storage of problem details, insights, and action plans creates privacy risk because users may reasonably expect a coaching exchange to end without persistent retention unless clearly told otherwise.

Ssd 3

Medium
Confidence
97% confidence
Finding
Persistent recording of conversations and personal details for future recall is a real privacy and data-handling risk in a coaching skill. Even if intended to improve continuity, it creates a durable profile of user behavior and emotional issues that could be exposed, misused, or retained longer than expected.

Ssd 3

Medium
Confidence
96% confidence
Finding
The workflow directs the agent to record key user insights during coaching, which can include sensitive self-assessments, mental-state clues, and personal goals. In this context, silent accumulation of insight-level summaries increases privacy risk because it creates structured, reusable personal intelligence without any explicit permission step.

Ssd 3

Medium
Confidence
98% confidence
Finding
This profile design calls for ongoing storage of patterns, interests, actions, and insights, enabling longitudinal tracking of the user's personal development and weaknesses. In a personality-coaching setting, that data can become highly sensitive because it reveals habits, vulnerabilities, and potentially mental-health-adjacent information over time.

Ssd 3

Medium
Confidence
97% confidence
Finding
The mandatory rules require recording user files for later recall, normalizing persistence as a default behavior rather than an optional feature. That increases the chance of over-collection and undermines user expectations of privacy, especially when the skill's subject matter involves identity, struggles, and self-improvement plans.

Ssd 3

Medium
Confidence
99% confidence
Finding
The conversation-ending procedure operationalizes storage of problem details, insights, and action plans after each session, creating a systematic retention pipeline for sensitive coaching data. Because it happens at session close, users may not realize their disclosures are being converted into persistent records, making this especially risky from a transparency and privacy perspective.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.