Intelligent Homework Grading (智能批改作业)

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent local document-grading helper, but it stores extracted student document text and path metadata locally, so users should manage that data carefully.

Install only if you are comfortable with a local grading tool extracting student papers into /tmp/auto_grading. Use it on a specific intended archive or folder, avoid broad directories, and delete the generated text files and manifest after review if they contain student names, IDs, thesis content, or private project details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Severity: Medium
Confidence: 89%
Finding
The script persists full extracted document text and a manifest containing source metadata to disk, even though the skill is framed as a grading/review tool rather than an archival export tool. For thesis and student-work workflows, this can create unintended retention of sensitive academic content, personal data, and filesystem structure in a shared or weakly protected location.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
Describing 'uploading a paper/archive file or directory' as a trigger without scope constraints makes activation ambiguous and may cause automatic processing of entire archives or folders. Because the skill is designed for batch reading across multiple document types, ambiguous scope can lead to over-collection, accidental review of unrelated files, and unnecessary exposure of sensitive student data.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
Describing 'uploading a paper/archive file or directory' as a trigger without scope constraints makes activation ambiguous and may cause automatic processing of entire archives or folders. Because the skill is designed for batch reading across multiple document types, ambiguous scope can lead to over-collection, accidental review of unrelated files, and unnecessary exposure of sensitive student data.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill states that extracted text is written to /tmp/auto_grading/ but does not warn users that uploaded document contents will be materialized on the local filesystem. This is a privacy and data-handling issue, especially for student papers, reviews, names, IDs, and project materials, because temporary storage may persist longer than expected or be accessible to other local processes depending on the environment.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The code writes raw extracted document content to disk without any in-code indication, consent flow, or privacy control. In the context of student papers and thesis archives, this can unintentionally persist highly sensitive material, creating confidentiality and data-retention risk if the output directory is accessible to other users or later collected by backups/logging.

Missing User Warnings

Severity: Low
Confidence: 88%
Finding
The manifest stores source filenames and full paths, which may reveal student identities, project names, or host filesystem layout. While lower impact than storing full text, this metadata can still leak sensitive context and aid later targeting or privacy violations if retained unnecessarily.

VirusTotal

65/65 vendors flagged this skill as clean.