ClawHub

Childcare

Security checks across malware telemetry and agentic risk

Overview

The skill has no executable code or credential access, but it is advertised as childcare while its instructions are mostly for education and exam-course workflows.

Review before installing. This appears to be a low-privilege, instruction-only skill, but it should not be relied on for parenting, vaccine reminder, daycare-policy, or infant-growth tasks until the publisher aligns the description and body content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The manifest advertises infant/childcare capabilities, but the body of the skill describes education, exam prep, course filtering, and learning analytics. This semantic mismatch can cause the skill to be invoked in the wrong contexts, mislead downstream routing or safety controls, and result in users receiving irrelevant or inappropriate assistance for childcare-related needs.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The title and operational content present the skill as a study/exam service rather than a childcare assistant, directly contradicting the declared purpose. In a skill-routing environment, this increases the chance of accidental or unauthorized invocation under the wrong domain and undermines user trust, especially where childcare advice may be safety-sensitive.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The example triggers are highly generic, such as asking how to use the skill for a 'specific scenario task' or asking about 'latest玩法/优惠信息,' without narrowing the domain. Broad prompts can over-match unrelated user requests and cause unintended invocation, especially when the skill itself is already mislabeled.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal