A-Level Physics CIE 9702

Security checks across malware telemetry and agentic risk

Overview

This is a coherent physics exam-prep skill; normal use is local inference, while broader scraping and DeepSeek training tools are disclosed and user-directed.

Safe to install for local CIE 9702 answer-template help. Only run the retraining or full-pipeline commands if you intend to download exam PDFs, create local datasets, and potentially send question and mark-scheme text to DeepSeek using your API key; avoid those workflows for private or licensing-sensitive material.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill advertises a relatively narrow inference use case, but the repository capabilities include environment access, filesystem access, shell execution, MCP, and network operations without declared permissions. Even if some of these are intended only for maintainer workflows, the lack of explicit permission boundaries increases the chance that an orchestrator or reviewer will grant broader trust than warranted, enabling unintended file, network, or command execution paths.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The documentation frames the skill primarily as local answer-template generation, but the described behavior extends to broader scraping, PDF downloading from configurable sources, Playwright-based dynamic browsing, end-to-end training pipelines, and agentic/self-verification loops. This mismatch is security-relevant because operators may approve or execute the skill under the assumption of low-risk local inference, while hidden or underemphasized capabilities materially expand the attack surface for network access, remote content ingestion, and command execution.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
In deepseek mode, the script sends full question text and optional mark-scheme excerpts to a third-party API. That creates a real data-transfer/privacy risk because potentially copyrighted or sensitive dataset content leaves the local environment, and the disclosure is only implicit in the mode name and repository docs rather than enforced at the call site with an explicit confirmation or warning.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The documentation instructs users to send extracted question and mark-scheme data to DeepSeek using an API key, but it does not clearly warn that this transmits dataset contents to a third-party service. Even if the data is educational rather than highly sensitive, undisclosed external transmission can create privacy, licensing, and compliance risks, especially if users assume the pipeline is fully local based on the broader skill description.

Vague Triggers

Medium
Confidence
88% confidence
Finding
These triggers include generic study-help phrases such as answer-structure and question-breakdown requests that are not tightly bound to CIE 9702. In a routing system, overly broad triggers can cause unintended activation, exposing users to the wrong skill behavior and reducing isolation between skills even if no direct code execution occurs.

Vague Triggers

Medium
Confidence
92% confidence
Finding
Many entries in this range are standalone topic labels like specific syllabus concepts, formulas, or apparatus names with no clear reference to this skill. Such ambiguous single-topic triggers can overmatch ordinary physics questions, leading to accidental invocation and prompt-routing confusion across unrelated educational contexts.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The Chinese trigger set repeats the same issue with broad educational phrases such as "how to answer this physics question" or "answer template" wording, without sufficiently constraining exam board, paper type, or use case. This increases unintended activation for general Chinese-language study requests and makes routing less predictable.

VirusTotal

65/65 vendors flagged this skill as clean.
