幼教百宝箱-AI幼师全流程助手 (Preschool Education Toolbox: AI Preschool Teacher Full-Workflow Assistant)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a preschool document generator that writes its output locally by default and calls a remote LLM only when the user explicitly enables that mode; even so, users should be careful with identifiable child information, because anything typed into LLM mode leaves the machine.

Safe to install for local/template use. Use LLM mode only when you are comfortable sending the prompt to the configured provider, and avoid entering real child names, behavioral records, family details, or other personal information unless your school or organization permits that provider and retention policy.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Severity: Medium. Confidence: 96%.
Finding
When `--api-key` is supplied, the skill sends user-provided prompts and contextual data to a remote LLM endpoint via `OpenAI(..., base_url=api_base)` and `chat.completions.create(...)`. Nothing in the skill's description discloses this transmission. In this skill's context the inputs may include children's observations, names, or parent-facing communications, so the undisclosed external transmission is a real privacy and compliance risk rather than a theoretical one.

Vague Triggers

Severity: Medium. Confidence: 84%.
Finding
The trigger list includes many broad, common educational terms such as '教案' (lesson plan), '幼儿园' (kindergarten), and '活动设计' (activity design), which increases the chance of unintended activation in ordinary conversations. Unintended activation matters here because the skill can write files and may route user content into LLM mode, potentially exposing sensitive child-related text or taking actions the user did not intend.

Missing User Warnings

Severity: Medium. Confidence: 95%.
Finding
The skill promotes an LLM-enhanced mode that uses external API endpoints but does not clearly warn users that their prompts may contain children's names, behavioral observations, evaluations, or family communications, all of which would be transmitted to a third party. In a preschool context this is particularly sensitive because such content can contain minors' personal data and educational records.

Missing User Warnings

Severity: Medium. Confidence: 95%.
Finding
The LLM code path transmits user content to the remote API without any runtime warning, confirmation, or consent checkpoint. Because this preschool-teacher skill is likely to process sensitive educational and child-related text, silent transmission increases the chance of accidental privacy leakage to a third-party service.
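The two findings above (undisclosed transmission via `chat.completions.create`, and no runtime consent checkpoint) describe the same missing control from two sides. The following is an added example, not the skill's own code, of the wrapper a practitioner would put in front of that call: it refuses to transmit unless the user opts in at runtime, replaces roster names and phone numbers with placeholders before anything is sent, and restores the placeholders in the reply locally so the provider never sees the identifiers. The roster, the sample prompt, the `FakeClient` stand-in for `OpenAI(...)` and the model name are all constructed for the demo; only the `client.chat.completions.create(...)` call shape mirrors what the finding reports.

```python
"""Consent gate plus local identifier redaction in front of a remote LLM call.

Added example, not the skill's own code. The skill calls
OpenAI(base_url=api_base).chat.completions.create(...) directly; this wrapper
adds the checkpoint the findings ask for. Roster, prompt, FakeClient and the
model name are constructed for the demo.
"""
from __future__ import annotations

import re
from types import SimpleNamespace


class ConsentRequired(RuntimeError):
    """Raised when LLM mode is requested without an explicit runtime opt-in."""


# Chinese mainland mobile numbers: a 1, a digit 3-9, then nine more digits.
PHONE_RE = re.compile(r"1[3-9]\d{9}")


def redact(text: str, roster: list[str]) -> tuple[str, dict[str, str]]:
    """Replace roster names and phone numbers with stable placeholders.

    Returns the redacted text plus a placeholder -> original map that never
    leaves the local machine. Longer names are substituted first so a name
    that is a prefix of another one is not split in the middle.
    """
    mapping: dict[str, str] = {}
    out = text
    for i, name in enumerate(sorted(set(roster), key=len, reverse=True)):
        if name and name in out:
            tag = f"[CHILD_{i + 1}]"
            mapping[tag] = name
            out = out.replace(name, tag)
    for j, number in enumerate(dict.fromkeys(PHONE_RE.findall(out))):
        tag = f"[PHONE_{j + 1}]"
        mapping[tag] = number
        out = out.replace(number, tag)
    return out, mapping


def restore(text: str, mapping: dict[str, str]) -> str:
    """Put the original identifiers back into a reply, locally.

    Longest tags first, so [CHILD_1] is not applied inside [CHILD_10].
    """
    for tag in sorted(mapping, key=len, reverse=True):
        text = text.replace(tag, mapping[tag])
    return text


class FakeClient:
    """Offline stand-in for OpenAI(...) (constructed for this example).

    Exposes the same client.chat.completions.create(...) shape and records
    every prompt it would have transmitted, so the test can inspect it.
    """

    def __init__(self) -> None:
        self.sent: list[str] = []
        self.chat = SimpleNamespace(
            completions=SimpleNamespace(create=self._create))

    def _create(self, model: str, messages: list[dict[str, str]]):
        content = messages[-1]["content"]
        self.sent.append(content)
        # Echo the placeholders back, as a real model plausibly would.
        reply = SimpleNamespace(content=f"评语：{content}")
        return SimpleNamespace(choices=[SimpleNamespace(message=reply)])


def generate_with_guard(client, prompt: str, roster: list[str],
                        consent: bool, model: str = "demo-model") -> str:
    """The runtime checkpoint the findings ask for: no consent, no transmission."""
    if not consent:
        raise ConsentRequired(
            "LLM mode sends this text to the configured provider; "
            "pass consent=True only if your organization permits that provider.")
    safe_prompt, mapping = redact(prompt, roster)
    resp = client.chat.completions.create(
        model=model, messages=[{"role": "user", "content": safe_prompt}])
    return restore(resp.choices[0].message.content, mapping)


if __name__ == "__main__":
    # Constructed roster and prompt; no real child data.
    demo_client = FakeClient()
    demo_roster = ["王小明", "李华"]
    demo_prompt = "王小明今天咬了李华，家长电话13800138000，请写一段评语"
    print(generate_with_guard(demo_client, demo_prompt, demo_roster, consent=True))
    print("transmitted:", demo_client.sent[0])
```

The placeholder map is the important design choice: the reply is re-identified locally, so the teacher still gets a usable comment, while the provider's logs and retention policy only ever contain `[CHILD_1]` and `[PHONE_1]`. Roster-based redaction obviously misses names the roster does not know; treat it as a reduction, not a guarantee, and keep the consent gate as the primary control.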

VirusTotal

64/64 vendors flagged this skill as clean.
