Back to skill

Security audit

Estp Coach

Security checks across malware telemetry and agentic risk

Overview

This appears to be a personality-coaching skill, but its ESTP/INTP identity mismatch and default personal-profile archiving create review-worthy privacy and reliability concerns.

Review this skill before installing. It does not show evidence of code execution or exfiltration, but users should be aware that it may give advice for the wrong personality type and may try to retain personal coaching details across sessions. Install only if the publisher fixes the ESTP/INTP mismatch and makes memory storage explicit, optional, minimal, and user-controlled.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (18)

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The README presents the skill as an INTP coach while the manifest says it is for ESTP users, creating a direct identity and purpose mismatch. This can cause the wrong skill to be invoked, mislead reviewers and users about expected behavior, and undermine trust in the package contents.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The documented coaching goals are explicitly tailored to INTP traits, contradicting the ESTP-focused manifest. In a coaching skill, this context mismatch is operationally significant because users may receive guidance optimized for the wrong personality profile, producing harmful or misleading advice.

Intent-Code Divergence

High
Confidence
96% confidence
Finding
Examples and feature descriptions drive actual usage, and here they consistently instruct and demonstrate INTP coaching rather than ESTP coaching. That makes the mismatch more dangerous because invocation, expectations, and behavioral outputs are likely to follow the wrong persona model in real interactions.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The manifest presents a coaching skill, but the content introduces persistent user-profile and growth-record storage that is not disclosed up front. This is dangerous because users may reveal sensitive personal, emotional, and behavioral information without informed consent or understanding that it may be retained across sessions.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill's core functionality includes storing user archives and cross-session recall, expanding beyond simple coaching into personal data retention. In the context of coaching conversations, this can capture sensitive self-disclosures, goals, struggles, and behavior patterns, increasing privacy and misuse risk if users are not clearly informed.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The mandatory end-of-conversation archiving requirement creates undisclosed persistent retention of user disclosures and action plans. Because this is framed as a required workflow step rather than an optional, consent-based feature, it increases the likelihood of collecting sensitive personal data without transparent notice.

Description-Behavior Mismatch

High
Confidence
94% confidence
Finding
The manifest metadata materially conflicts with the declared ESTP purpose: description, keywords, and tags describe an INTP-focused coaching skill, while the skill metadata says this package is for ESTP users. This can mislead users, reviewers, or routing systems into invoking the wrong skill, causing inappropriate guidance and weakening trust in the package's identity and provenance.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The reference content materially contradicts the skill’s declared ESTP purpose by describing another personality profile’s traits, cognitive loops, and coaching advice. This can cause the agent to deliver systematically incorrect psychological guidance, reducing reliability and potentially harming users who rely on the advice for decision-making or self-assessment.

Intent-Code Divergence

Low
Confidence
93% confidence
Finding
The file path documentation references a different skill namespace (`intp-coach`) than the current skill, indicating copy/paste drift or miswiring between skills. This increases the risk that tooling or maintainers link the wrong reference material, propagating incorrect behavior and making future maintenance errors more likely.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The reference file is clearly written for INTP coaching while the skill metadata declares an ESTP coaching purpose. This creates a strong skill-definition mismatch that can cause the agent to deliver systematically incorrect personality-specific guidance, undermining safety and reliability for users seeking targeted coaching.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The file explicitly identifies itself as 'INTP Coach' reference material, directly contradicting the ESTP skill intent declared in metadata. Because this contradiction is explicit and authoritative within the skill content, it is likely to steer the model toward the wrong behavioral framework and produce misleading or inappropriate coaching advice.

Vague Triggers

Medium
Confidence
84% confidence
Finding
Describing activation as 'automatic recognition' without clear boundaries or exclusions can cause accidental triggering in unrelated conversations. In a coaching skill, misfires can lead to unsolicited profiling or advice in contexts where the user did not intend to engage the skill.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README states that conversations, actions, and a user profile may be saved, but it does not prominently disclose retention, purpose, consent, access, or deletion controls. Because the skill handles potentially sensitive self-reflection and behavioral data, undisclosed storage increases privacy and compliance risk.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill describes saving conversation details and action plans to a persistent profile without a clear user-facing privacy warning. In a coaching context, those details can include emotional state, goals, indecision patterns, and other sensitive personal information, making undisclosed retention a genuine privacy issue.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
Recording users' problems, interests, actions, and insights into a profile without explicit notice or consent creates a privacy vulnerability. These categories can reveal sensitive behavioral and psychological patterns over time, and the skill provides no clear boundaries on what should or should not be collected.

Ssd 3

Medium
Confidence
95% confidence
Finding
The instructions encourage persistence of detailed conversation data and action history without minimization boundaries. In a coaching skill, broad retention can accumulate a meaningful behavioral dossier on the user, increasing privacy harm in the event of misuse, overcollection, or unauthorized access.

Ssd 3

Medium
Confidence
96% confidence
Finding
The repeated directives to record issues, interests, insights, and plans normalize broad data retention in plain language, with no clear scoping or safeguards. Because the skill handles personal development conversations, this materially raises the chance of storing sensitive self-disclosures beyond what users reasonably expect.

Ssd 3

Medium
Confidence
97% confidence
Finding
A mandatory instruction to archive key user information at conversation end creates persistent retention of personal disclosures by default. This is dangerous because users may interpret the interaction as transient coaching, while the skill operationalizes long-term storage of goals, insights, and execution history without transparent consent boundaries.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.