Back to skill

Security audit

Idea Coach

Security checks across malware telemetry and agentic risk

Overview

Idea Coach is a coherent local idea manager with user-invoked GitHub features, but users should treat stored or synced ideas as potentially sensitive.

Install if you are comfortable keeping idea notes in ~/.openclaw/idea-coach/ideas.json and using your current GitHub CLI identity. Avoid storing secrets or highly confidential plans, check which GitHub account gh is authenticated to, and review repo visibility before using public repo creation or syncing ideas as issues.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill advertises shell, file read, and file write capabilities via its documented CLI workflows, but it does not declare any permissions or safety boundaries. That mismatch can cause users or hosting agents to run the skill with broader effective access than expected, increasing the chance of unintended local file modification or shell-side effects.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The concept explicitly proposes proactive reminders and cross-conversation memory use, which implies retention and reuse of personal idea, problem, and challenge data over time. Because the document does not pair this with clear user consent, retention limits, visibility controls, or privacy warnings, users may unknowingly expose sensitive personal or work information to persistent storage and future prompts.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The GitHub integration encourages creating repositories and syncing idea content to GitHub, including an explicit public-repo option, but provides no warning that potentially sensitive ideas may be transmitted to a third party or exposed publicly. In this context, the skill manages early-stage ideas, problems, and challenges, which may contain private business, personal, or security-sensitive information, making accidental disclosure a realistic risk.

Natural-Language Policy Violations

Medium
Confidence
83% confidence
Finding
The script automatically infers whether user text is German or English and stores that classification without user choice or disclosure. While not a code-execution flaw, it is a privacy and data-governance issue because it derives and persists metadata from potentially sensitive idea content.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The GitHub integration sends idea titles and descriptions to GitHub when creating repositories or syncing issues, but the CLI provides no explicit warning, confirmation, or consent step at the moment of transmission. Because ideas may contain confidential business plans, personal notes, or security-sensitive problem statements, unintended external disclosure is plausible.

Missing User Warnings

Low
Confidence
74% confidence
Finding
Repository lookups and commit queries make outbound requests to GitHub and may expose the existence of queried repositories or user workflow metadata without clear disclosure. The data sent is limited compared with repo creation or issue sync, so the risk is lower, but this still creates an undisclosed external dependency and privacy surface.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.