Kid Tutor - Children's AI Tutoring Assistant

Security checks across malware telemetry and agentic risk

Overview

This tutoring skill appears purpose-built, but it stores identifiable learning records about children while understating privacy and consent implications.

Install only if a parent or guardian understands and accepts local storage of a child’s profile and learning history. Prefer pseudonyms instead of real names, keep the data directory private, delete old sessions when no longer needed, and do not send reports through Feishu or any other channel unless the recipient and consent are explicit.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill instructs the agent to read and write local files containing children’s profiles and session records, but no permissions are declared. That creates an authorization and transparency gap: the host or user cannot clearly evaluate or constrain filesystem access, especially because the data involves minors’ educational records.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The skill claims it does not collect sensitive personal information, yet it directs storage of a child’s name, age, grade, interests, and learning history. For minors, this is personal data and can become sensitive in context, so the contradiction may prevent informed consent and lead to improper handling of children’s records.

Vague Triggers

Medium
Confidence
78% confidence
Finding
Broad activation triggers like general references to child learning or tutoring can cause the skill to activate during ordinary conversation without clear user intent. In this context, accidental activation is more concerning because the skill may start collecting or persisting children’s educational data and generating parent-facing outputs without sufficiently explicit opt-in.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill describes storing children’s learning records and sending reports to parents, but it does not clearly warn users about retention, sharing, or where data is stored. Because the data concerns minors, lack of notice materially increases privacy risk and may lead to unauthorized disclosure or noncompliant handling of child data.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script stores and prints a child’s profile containing personal data such as name, age, grade, interests, and learning metrics without any access controls, minimization, consent flow, or privacy notice. In the context of a child tutoring skill, this is more sensitive than ordinary user data because it concerns minors, so accidental disclosure through shared terminals, logs, or insecure storage can create a real privacy and compliance risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The session logger accepts arbitrary session JSON from a file or stdin and writes detailed learning records to disk, then updates cumulative child performance statistics. Because these records may include educational history, weaknesses, and timestamps for a minor, unprotected storage and indiscriminate ingestion increase the risk of sensitive data exposure, overcollection, and retention of unnecessary child data.

VirusTotal

64/64 vendors flagged this skill as clean.