Security audit

Isfj Coach

Security checks across malware telemetry and agentic risk

Overview

This text-only coaching skill has no code execution, but it mixes ISFJ and INTP identities and tells the agent to retain personal coaching records without clear user controls.

Review before installing. This does not appear to run code or access credentials, but users should treat it as a personal-data-retaining coaching prompt. Install only if you are comfortable with the ISFJ/INTP content mismatch and with the host agent potentially saving personal coaching notes; avoid sharing sensitive details unless your environment provides clear opt-in, inspection, and deletion controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (17)

Intent-Code Divergence

High
Confidence: 98%
Finding
The README documents a completely different skill domain (INTP coaching) than the manifest-declared skill (ISFJ coaching). This kind of identity/behavior mismatch is dangerous because users, reviewers, and downstream systems may rely on metadata that does not reflect the actual prompt behavior, causing unintended guidance, misrouting, and loss of trust in the skill’s declared purpose.

Description-Behavior Mismatch

High
Confidence: 97%
Finding
The documented use cases, examples, and coaching logic target INTP users rather than the declared ISFJ audience. In a psychology/personality coaching context, this mismatch increases the risk of giving inappropriate or low-quality advice to the wrong user population, especially where the skill claims type-specific insight and intervention patterns.

Description-Behavior Mismatch

Medium
Confidence: 97%
Finding
The skill is presented as coaching/growth guidance, but it also instructs the agent to maintain persistent user records for future use. That expands the data-processing scope beyond what a user would reasonably expect from a coaching interaction and can lead to silent retention of sensitive personal reflections, goals, and behavioral history.

Context-Inappropriate Capability

Medium
Confidence: 98%
Finding
This section defines ongoing profiling of the user's problems, interests, actions, and behavioral patterns across sessions. For a coaching skill, that is more invasive than necessary and creates a standing mechanism for behavioral tracking without clear necessity, transparency, or safeguards.

Description-Behavior Mismatch

Medium
Confidence: 97%
Finding
The end-of-conversation workflow mandates archiving user problems, insights, plans, and execution results for later recall. This operationally turns every session into data collection and retention, exceeding a simple coaching-only scope and increasing privacy risk, especially because discussions may include emotional or sensitive life details.

Intent-Code Divergence

High
Confidence: 97%
Finding
The manifest presents the skill as ISFJ-specific, but the embedded description, keywords, and tags describe INTP/general coaching. This inconsistency can mislead users, reviewers, and routing systems into invoking the wrong skill context, causing inappropriate guidance and weakening trust in package identity. In a coaching skill, persona/type mismatch is materially relevant because advice is tailored to user psychology and behavioral patterns.

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The package metadata claims behavior that does not match the stated ISFJ-specialized coaching purpose, instead signaling INTP/general productivity coaching. This creates a deceptive behavior surface where discovery, selection, or automated orchestration may rely on false metadata and deliver advice unsuited to the intended user group. The risk is elevated by the skill context because personality-targeted coaching depends on accurate specialization claims.

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The reference file is for INTP coaching while the declared skill purpose is ISFJ coaching, creating a clear specification mismatch. In an agent setting, this can cause the model to deliver systematically wrong personality-specific guidance, undermining user trust and potentially causing harmful advice around boundaries, self-care, and change resistance because the coaching framework is tailored to a different profile.

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The document explicitly labels itself as INTP-only reference material, directly contradicting the skill's ISFJ intent. This contradiction increases the chance that the agent will weight the wrong behavioral assumptions and intervention strategies, producing unsafe or inappropriate coaching recommendations for the intended audience.

Intent-Code Divergence

High
Confidence: 99%
Finding
The reference file is labeled for ISFJ coaching, but the content describes a different cognitive profile and repeatedly references traits inconsistent with ISFJ. In a coaching skill, this can systematically produce misleading guidance for users seeking personality-specific support, undermining trust and potentially worsening boundary-setting, self-care, or change-resistance issues the skill claims to address.

Missing User Warnings

Medium
Confidence: 87%
Finding
The README states that the skill will save conversations and actions, but does not explain what data is stored, where it is stored, how long it is retained, who can access it, or how user consent is obtained. Because this skill processes potentially sensitive personal and mental-health-adjacent discussions, undocumented persistence creates meaningful privacy and trust risks.

Missing User Warnings

Medium
Confidence: 99%
Finding
The skill describes persistent storage of user conversation data but provides no privacy notice, consent flow, or explanation of how long data is kept and for what purpose. In a coaching context, users may disclose intimate personal struggles, making undisclosed retention especially risky.

Ssd 3

Medium
Confidence: 99%
Finding
The skill instructs persistent collection and retention of conversation details in a user profile for later reuse without consent or data minimization language. Because coaching sessions can contain sensitive psychological, relational, and career information, default retention materially increases privacy and misuse risk.

Ssd 3

Medium
Confidence: 97%
Finding
These instructions repeatedly direct the agent to record user-specific content such as core problems, interests, actions, and key insights. Repeated retention directives normalize storing sensitive personal data across sessions without a clear privacy boundary or user approval.

Ssd 3

Medium
Confidence: 98%
Finding
The '用户档案' ("user profile") section establishes a structured cross-session profile containing issues, interests, action history, and insights. That creates a persistent dossier on the user, which is particularly sensitive in a self-improvement/coaching skill where disclosed information may reveal vulnerabilities, habits, and emotional states.

Ssd 3

Medium
Confidence: 98%
Finding
The mandatory rules make maintaining a user archive a default operational requirement for future conversations. Making retention mandatory rather than optional removes meaningful user choice and raises the chance of over-collection of sensitive information.

Ssd 3

Medium
Confidence: 98%
Finding
The end-of-conversation workflow explicitly tells the agent to archive key user information and execution results for future recall. This creates systematic retention of sensitive personal development data without any visible consent, purpose limitation, or retention controls.

VirusTotal

60/60 vendors flagged this skill as clean.
