高考助手 Gaokao Tutor

Security checks across malware telemetry and agentic risk

Overview

This Gaokao tutoring skill is coherent and not deceptive, but it stores student learning data and handles severe distress without enough consent, deletion, or crisis-safety safeguards.

Review carefully before installing for student use. The skill does not appear to exfiltrate data or run hidden code, but users should be comfortable with persistent local storage of educational profile and mistake history, and should not rely on it for mental-health or crisis support. For safer use, require explicit consent before memory features, add clear view/delete controls, and add crisis-response instructions that direct users to immediate human help when self-harm language appears.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (11)

Vague Triggers

Severity: Medium, Confidence: 80%
Finding
The manifest advertises broad trigger phrases such as generic tutoring/help requests, which can cause the skill to activate in situations the user did not specifically intend. While this is not direct code execution, unintended activation can expose personal study context, trigger persistence workflows, or steer general conversations into a skill with memory behavior.

Vague Triggers

Severity: Medium, Confidence: 84%
Finding
The routing logic relies on loose keyword matching across many overlapping educational and emotional phrases, so ordinary conversation may invoke the wrong module. In this skill, ambiguous routing is more concerning because some modules read/write memory or invoke scripts, making accidental state changes or disclosure of stored data more likely.

Missing User Warnings

Severity: Medium, Confidence: 94%
Finding
The first-run flow collects and persists student attributes including grade, exam year, province, subject weaknesses, and countdown information without an upfront privacy notice or consent step. This creates a privacy risk because minors' educational data is retained across sessions without clear disclosure, retention limits, or deletion controls.

Missing User Warnings

Severity: Medium, Confidence: 92%
Finding
The skill states that profile data will be written and later used to drive responses, but it does not warn the user that this information persists or explain lifecycle management. Persistent storage of learning preferences and educational history can accumulate sensitive patterns over time, especially for student users.

Missing User Warnings

Severity: Medium, Confidence: 95%
Finding
The mistake-book feature stores detailed study history and review cadence persistently, but the skill does not provide a general upfront disclosure that this educational performance data will be retained. Because the target users are students, potentially minors, storing weakness patterns and error history without transparent consent increases privacy and profiling risk.

Vague Triggers

Severity: Medium, Confidence: 90%
Finding
The design says emotional support is triggered by automatically detecting keywords, but it does not define clear boundaries, consent, or escalation criteria. In an education setting with minors, broad keyword-based triggering can misclassify normal academic frustration as mental-health need, produce inappropriate supportive or crisis-like responses, and create privacy/safety issues if sensitive inferences are made without user opt-in.

Natural-Language Policy Violations

Severity: Medium, Confidence: 83%
Finding
The skill requires collecting province and exam year as mandatory profile fields and states that all answers are adapted from that profile, but it does not mention user opt-in, minimization, or fallback behavior when the user declines. This creates a privacy and fairness risk: users may be forced to disclose location-related data before receiving help, and stale or incorrect profile data could drive misleading guidance for admissions and policy-sensitive advice.

Vague Triggers

Severity: Medium, Confidence: 95%
Finding
The anxiety-level trigger list includes broad phrases like '好难' ("so hard"), '好烦' ("so annoying"), and '好累' ("so tired") that are common in ordinary tutoring interactions. In a Gaokao tutoring context, this can cause the emotional-support flow to activate too often, diverting normal academic help and potentially misclassifying routine frustration as mental-health distress.

Vague Triggers

Severity: High, Confidence: 98%
Finding
The crisis-level trigger set includes severe language such as '绝望' ("hopeless") and '想死' ("want to die") but does not define escalation boundaries, exceptions, or required emergency handling. This is dangerous because the system may respond with generic reassurance and companionship language instead of recognizing potential self-harm risk and directing the user to immediate human support.

Missing User Warnings

Severity: High, Confidence: 99%
Finding
The guidance addresses severe distress statements, including possible suicidality, without any limitation notice or referral to urgent human help. In an education skill used by stressed students, this omission increases the chance that a high-risk user receives only comforting text, delaying real-world intervention during a crisis.

Vague Triggers

Severity: Medium, Confidence: 84%
Finding
The command phrases are short, natural-language strings like “查看错题本” ("view mistake book"), “今日复习” ("today's review"), and “清空错题本” ("clear mistake book”), which can plausibly overlap with ordinary conversation and cause unintended invocation. In this tutor context, accidental triggering could expose or modify a student's mistake-tracking data, though the actions described are limited and the one destructive action (clearing the mistake book) notes that confirmation is required.

VirusTotal

66/66 vendors flagged this skill as clean.