Back to skill

Security audit

Writing Coach Pro

Security checks across malware telemetry and agentic risk

Overview

This is a coherent writing-coach skill with disclosed local persistence and optional dashboard reporting, but users should treat its saved writing history as personal data.

Install only if you are comfortable with this skill saving writing metadata, preferences, and possible text excerpts locally, and possibly syncing derived stats/issues to a dashboard if installed. Use a local LLM for sensitive documents, review dashboard settings before relying on sync, and verify the data path carefully before running cleanup commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (13)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill exposes shell-script execution paths (`export-report.sh` and `style-check.sh`) even though the document is primarily a writing-analysis skill. This expands the attack surface from text processing into command execution, and if those scripts consume untrusted filenames or content, they could enable command injection, arbitrary file access, or unsafe local execution.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The README instructs users to invoke the skill with the phrase "review this," which is common conversational language and likely to appear in normal chats. In an agent environment, an overly broad trigger can cause accidental activation on unrelated content, leading the skill to process or rewrite text unexpectedly and increasing the chance of unintended data exposure or workflow interference.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README advertises "Persistent Style Memory" that learns user preferences over time but provides no privacy, storage, retention, or consent details. Because writing samples often contain sensitive personal, business, or regulated information, silent persistence can create a meaningful confidentiality and compliance risk if users do not understand what is stored and for how long.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The example trigger phrases like "review this," "full review," and "rewrite this" are extremely generic and likely to collide with ordinary user conversation. In an agent skill context, broad activation phrases can cause unintended invocation of the skill on arbitrary pasted content, increasing the chance of accidental processing or disclosure of sensitive text.

Vague Triggers

Low
Confidence
84% confidence
Finding
The phrase "set up my writing profile" is vague and could be interpreted broadly by an agent, especially if multiple skills support profile or setup workflows. This can lead to ambiguous routing or unintended changes to persistent user settings without sufficiently explicit confirmation.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The guide states that the skill tracks accepted and rejected suggestions over time and adapts to the user's style, but it does not clearly warn users that behavioral and preference data is being retained. Persistent collection of writing-related data can expose sensitive habits, inferred preferences, or confidential content patterns if accessed by other components or compromised.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation says Writing Coach Pro automatically feeds writing statistics to the NormieClaw Dashboard without clearly warning the user that data is being shared to another component. Even if only statistics are transmitted, cross-component sharing can expand exposure of user activity and create privacy or access-control risks.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The troubleshooting section instructs users to delete the data directory with a recursive force-delete command but does not prominently warn that this will permanently erase learned preferences and historical data. Destructive maintenance commands in end-user documentation can cause accidental data loss, especially for non-technical users.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill stores persistent writing preferences and learned behavioral data across sessions but does not clearly warn the user about retention, sensitivity, or lifecycle of that data. Writing samples and preferences can reveal identity, profession, habits, and confidential content, so silent persistence creates a privacy and surveillance risk.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The learning loop tracks acceptance and rejection behavior over time, effectively monitoring user interactions without an explicit opt-in notice. Behavioral telemetry can be sensitive because it reveals user preferences, editing habits, and inferred traits, especially when accumulated cross-session.

Missing User Warnings

High
Confidence
98% confidence
Finding
The dashboard integration exports session summaries, issue details, and profile history to additional tables without a clear warning or consent boundary. Secondary sharing materially increases exposure because sensitive writing-analysis data is duplicated into another system, broadening access, retention, and breach impact.

Ssd 3

Medium
Confidence
96% confidence
Finding
The skill specifies persistent logging, session histories, issue tracking, and cross-session summaries in plain language, confirming broad retention of user interaction data. Even absent malicious intent, this creates a substantial privacy risk because writing reviews may contain confidential business, academic, or personal information that becomes stored long-term.

Ssd 3

Medium
Confidence
97% confidence
Finding
The acceptance detection logic treats silence or indirect behavior as signals for logging and profile adaptation, relying on implied rather than explicit consent. This is dangerous because it can create durable records and inferred preferences even when the user never knowingly agreed to tracking.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.destructive_delete_command

Documentation contains a destructive delete command without an explicit confirmation gate.

Warn
Code
suspicious.destructive_delete_command
Location
SECURITY.md:37

Documentation contains a destructive delete command without an explicit confirmation gate.

Warn
Code
suspicious.destructive_delete_command
Location
SETUP-PROMPT.md:90