teaching-materials

Security checks across malware telemetry and agentic risk

Overview

This teaching-document skill is mostly coherent, but it asks for site passwords, stores them locally, and automatically downloads or saves web resources.

Review before installing. Do not give this skill real passwords unless you accept the risk of local password storage; prefer manual login, official downloads, or a separate low-privilege account. Confirm every website, download, screenshot, output path, and external MCP/package invocation, and only import resources you are licensed or otherwise authorized to reuse.
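The behaviours summarised above (password solicitation and local storage, autonomous downloads, npx-launched MCP tooling, fixed output paths, screenshots as a fallback when downloads are restricted) can be checked for mechanically before a skill is installed. The scanner below is an added example, not SkillSpector's own code and not text from the teaching-materials skill; the SKILL.md-style sample it runs over is constructed to mirror the findings, and its paths and package name (`example-diagram-mcp`) are illustrative. The regexes are heuristics for review triage, not proof of behaviour.

```python
"""Heuristic scanner for agent-skill instruction text.

Added example, not SkillSpector's scanner and not the teaching-materials
skill's own text. It flags the behaviours the findings describe in a
SKILL.md-style body. SAMPLE_SKILL and CLEAN_SKILL are constructed inputs;
their paths and package name are illustrative.
"""
import re
from collections import Counter
from dataclasses import dataclass

CRED = r"(?:password|passwd|credential)s?"

# Each rule: (name, severity, regex). The .{0,N} windows with re.S let a
# phrase span a line break. These are triage heuristics, not proof.
RULES = [
    ("credential solicitation", "High",
     re.compile(rf"\b(?:ask|prompt|request)\b.{{0,60}}\b{CRED}\b", re.I | re.S)),
    ("credential persistence", "High",
     re.compile(rf"\b(?:save|store|write|persist)\b.{{0,60}}\b{CRED}\b"
                rf".{{0,60}}\b(?:json|file|disk)\b", re.I | re.S)),
    ("external package execution", "Medium",
     re.compile(r"\b(?:npx|pip install|curl\s+[^|\n]*\|\s*(?:ba)?sh)\b", re.I)),
    ("fixed output path", "Medium",
     re.compile(r"(?<![\w/])(?:[A-Za-z]:[\\/]|/home/|/Users/|~/)[\w./\\-]+")),
    ("access-control circumvention", "High",
     re.compile(r"\b(?:screenshot|screen capture)s?\b.{0,80}\b(?:restricted|blocked|limited)\b"
                r"|\b(?:restricted|blocked|limited)\b.{0,80}\b(?:screenshot|screen capture)s?\b",
                re.I | re.S)),
    ("autonomous download", "Medium",
     re.compile(r"\bautomatically\b.{0,40}\b(?:download|save)\b", re.I | re.S)),
]


@dataclass(frozen=True)
class Finding:
    rule: str
    severity: str
    line: int
    excerpt: str


def scan(skill_text: str) -> list[Finding]:
    """Run every rule over the text; return hits with 1-based line numbers."""
    hits = []
    for name, severity, pattern in RULES:
        for m in pattern.finditer(skill_text):
            line = skill_text.count("\n", 0, m.start()) + 1
            excerpt = " ".join(m.group(0).split())[:90]
            hits.append(Finding(name, severity, line, excerpt))
    return sorted(hits, key=lambda f: (f.line, f.rule))


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Hits per rule, e.g. {'fixed output path': 3, ...}."""
    return dict(Counter(f.rule for f in findings))


def verdict(findings: list[Finding]) -> str:
    """Any High hit mirrors the report's advice: review before installing."""
    if not findings:
        return "no flagged patterns"
    if any(f.severity == "High" for f in findings):
        return "review before installing"
    return "medium-severity patterns only"


# Constructed sample mirroring the report's findings (not the real skill text).
SAMPLE_SKILL = """\
# teaching-materials
Generate lesson plans and slide decks for a requested topic.

## Resources
When a lesson needs source material, automatically search the web and
download what you find into d:/WorkBuddy/MyTeacher/resources/ for reuse.
If a site needs an account, ask the user for their username and
password and save them to credentials.json so future logins are automatic.
If direct download is restricted, take screenshots of the pages instead.

## Diagrams
Start the diagram server with `npx example-diagram-mcp` using the MCP
configuration in ~/.mcp.json, then save the mind map sources to
d:/WorkBuddy/MyTeacher/diagrams/.
"""

# Constructed control sample that should produce no hits.
CLEAN_SKILL = """\
# lesson-outline
Given a topic and grade level, return a markdown lesson outline with
learning objectives, a timed activity sequence, and three review questions.
Do not fetch external resources; work only from the prompt.
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_SKILL):
        print(f"L{f.line:<3} {f.severity:<6} {f.rule}: {f.excerpt}")
    print(summarize(scan(SAMPLE_SKILL)), verdict(scan(SAMPLE_SKILL)))
```

Run against the constructed sample this reports eight hits (three of them High) and "review before installing"; the control sample yields nothing. A hit is a prompt to read the surrounding instruction, not a verdict on its own.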

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (13)

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding
The skill’s declared purpose is teaching-document generation, but the body expands into autonomous web searching, downloading, and account-backed retrieval from third-party sites. This materially broadens the trust boundary and introduces credential handling and network exfiltration risks that are not justified by the manifest, making it a genuine scope-deception issue.

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding
The skill instructs collection of third-party site usernames and passwords and saving them locally in a JSON file for later automated use. Plain credential collection and persistent local storage are highly sensitive behaviors that create immediate risk of credential theft, reuse compromise, and unauthorized account access if the workstation or file is exposed.

Intent-Code Divergence

Severity: Medium
Confidence: 93%
Finding
The document reassures users that credentials will only be used for auto-login downloads, yet also mandates persistent password storage in a local file. This mismatch understates the real risk and may cause users to disclose secrets without understanding that they are being retained in a recoverable form.

Description-Behavior Mismatch

Severity: Medium
Confidence: 87%
Finding
The document presents a teaching-materials skill but describes automatic invocation of a separate diagram-generator skill and production of standalone diagram files, which expands behavior beyond the declared scope. This kind of scope drift is risky because users may grant trust to a document-generation skill without realizing it can orchestrate other tooling and create additional artifacts.

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding
The skill documentation instructs use of an MCP configuration in the user's home directory and launches an external service via npx, introducing code execution and supply-chain risk unrelated to simple teaching document generation. If abused, this could cause execution of untrusted packages or unauthorized external-tool activity under the user's environment.

Context-Inappropriate Capability

Severity: Medium
Confidence: 94%
Finding
The document explicitly advises preserving content from third-party commercial education platforms via screenshots and content extraction when direct download is restricted. That guidance can facilitate bypassing platform restrictions and copyright controls, which exceeds the stated purpose of generating teaching materials and exposes users and operators to IP and compliance risk.

Context-Inappropriate Capability

Severity: High
Confidence: 97%
Finding
Suggesting screen capture specifically when downloads are limited or blocked is effectively advice for circumventing access controls imposed by the source platform. In the context of a teaching-material generation skill, this creates a stronger misuse path toward unauthorized copying of paid or restricted educational content.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The skill requires automatic downloading and writing of web resources to disk as part of normal execution, but does not provide a clear, up-front consent boundary for file creation and persistence. This can surprise users, store untrusted content locally, and increase exposure to malicious files or sensitive data accumulation.

Missing User Warnings

Severity: High
Confidence: 99%
Finding
Prompting users to hand over third-party usernames and passwords for later storage is a highly sensitive action, and the warning provided is not sufficient to establish informed consent. Users may reasonably assume the agent is a safe password recipient when it is not an appropriate secret-handling boundary.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding
The document describes automatically generating and saving PPT and diagram files but does not mention any confirmation, warning, or approval flow before writing to local storage. Silent file creation can surprise users, overwrite existing work, or normalize unauthorized local modifications by an agent.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The guide explicitly says the system will automatically generate files and save them to a fixed local path on disk, but it does not mention obtaining user confirmation, allowing configuration, or warning about filesystem side effects. In an agent skill, undocumented automatic writes can lead to unintended file creation, overwrites, privacy issues, and unsafe assumptions about host environment access, especially if later code derives filenames from user-controlled lesson metadata.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The guide instructs the system to automatically save generated mind map source files to a fixed local path (d:/WorkBuddy/MyTeacher/diagrams/) without any user-facing notice or consent. This can create unintended local file writes, expose sensitive teaching content or student-related material in predictable locations, and violate least-surprise expectations in an agent workflow.
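The four file-write findings above share one fix: a configurable output directory that must stay inside an approved root, filenames derived from user-controlled lesson titles that cannot escape that directory, and an explicit confirmation before any create or overwrite. The code below is an added example of that check, not part of the teaching-materials skill or of SkillSpector; the root `/home/teacher/MyTeacher` and the in-memory file store are assumptions, and paths are handled in POSIX form so the logic is deterministic across hosts.

```python
"""Consent-gated, path-confined artifact writer for an agent skill.

Added example, not the teaching-materials skill's code. The approved root
'/home/teacher/MyTeacher' and the in-memory file store are assumptions.
"""
import posixpath
import re
import unicodedata
from dataclasses import dataclass
from typing import Callable, Iterable


class UnsafeOutputPath(ValueError):
    """Raised when a requested location would leave the approved root."""


def resolve_output_dir(allowed_root: str, requested: str) -> str:
    """Resolve a user-configured directory, refusing escapes from the root.

    Relative requests are joined to the root; '..' segments are normalised
    away before the containment check, so 'diagrams/../../.ssh' is refused.
    commonpath() compares whole segments, so a sibling such as
    '/home/teacher/MyTeacher2' is refused as well.
    """
    root = posixpath.normpath(allowed_root)
    if not posixpath.isabs(root):
        raise UnsafeOutputPath(f"approved root must be absolute: {allowed_root!r}")
    joined = requested if posixpath.isabs(requested) else posixpath.join(root, requested)
    resolved = posixpath.normpath(joined)
    if posixpath.commonpath([root, resolved]) != root:
        raise UnsafeOutputPath(f"{requested!r} resolves outside {root}")
    return resolved


def is_confined(allowed_root: str, requested: str) -> bool:
    """Boolean form of resolve_output_dir for callers that just want a check."""
    try:
        resolve_output_dir(allowed_root, requested)
        return True
    except UnsafeOutputPath:
        return False


def slug_from_title(title: str, max_len: int = 60) -> str:
    """Turn a lesson title into a filename stem with no separators or dots."""
    normalised = unicodedata.normalize("NFKC", title)
    stem = re.sub(r"[^A-Za-z0-9]+", "-", normalised).strip("-").lower()
    stem = stem[:max_len].rstrip("-")
    if not stem:
        raise UnsafeOutputPath(f"title {title!r} yields no usable filename")
    return stem


@dataclass(frozen=True)
class WritePlan:
    path: str
    overwrite: bool


def plan_write(allowed_root: str, output_dir: str, title: str, ext: str,
               existing: Iterable[str]) -> WritePlan:
    """Decide where an artifact would go and whether it would clobber a file."""
    if not re.fullmatch(r"[a-z0-9]{1,8}", ext):
        raise UnsafeOutputPath(f"unexpected extension {ext!r}")
    directory = resolve_output_dir(allowed_root, output_dir)
    path = posixpath.join(directory, f"{slug_from_title(title)}.{ext}")
    return WritePlan(path=path, overwrite=path in set(existing))


def execute_plan(plan: WritePlan, content: str,
                 confirm: Callable[[str], bool],
                 writer: Callable[[str, str], None]) -> bool:
    """Write only after the user approves the exact path; overwrites are named as such."""
    action = "Overwrite" if plan.overwrite else "Create"
    if not confirm(f"{action} {plan.path}?"):
        return False
    writer(plan.path, content)
    return True


if __name__ == "__main__":
    files: dict[str, str] = {}  # assumed in-memory store standing in for disk
    plan = plan_write("/home/teacher/MyTeacher", "diagrams",
                      "Photosynthesis: Lesson 1", "mmd", files)
    done = execute_plan(plan, "mindmap\n  root((Photosynthesis))",
                        confirm=lambda q: input(q + " [y/N] ").strip().lower() == "y",
                        writer=files.__setitem__)
    print("written" if done else "skipped", plan.path)
```

The slug step removes separators, dots and control characters from the title, so a title like `../../.ssh/authorized_keys` becomes `ssh-authorized-keys`; the directory check is kept separately because the output directory, unlike the filename, is meant to be user-configurable.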

Ssd 3

Severity: High
Confidence: 99%
Finding
The skill explicitly directs the agent to solicit credentials and persist them for future automation, which is unsafe secret handling. In the context of an educational content tool, this behavior is especially unjustified and expands the blast radius from document generation to compromise of external user accounts.

VirusTotal

66/66 vendors flagged this skill as clean.
