英语笔记出题机

Security checks across malware telemetry and agentic risk

Overview

This is a coherent English-learning skill, but it uses local study files, optional Baidu API credentials, and a local microphone transcription page that users should understand before installing.

Install only if you are comfortable keeping Baidu API keys and learning records in local markdown files and using a localhost speech-recognition server for microphone practice. Do not commit the credentials file to a repository, keep the skill directory private, and close the speech server when the speaking exercise is finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Vague Triggers

Medium (84% confidence)
Finding
The activation phrases are very generic conversational terms such as '练英语', '英语练习', and module names like '听力' or '阅读'. In an assistant environment, broad triggers can cause accidental invocation during normal conversation, leading to unintended execution of skill behavior and unexpected access to local resources or generated tasks.

Missing User Warnings

Medium (72% confidence)
Finding
The README instructs users to place Baidu TTS credentials in a local markdown file and describes automatic maintenance of review-related files, but it does not clearly warn that sensitive credentials and study content may be stored on disk. This increases the risk of inadvertent exposure through backups, sync tools, screenshots, repository commits, or local multi-user access.

Vague Triggers

Medium (86% confidence)
Finding
The trigger list includes broad everyday phrases such as “听力”, “口语”, and “阅读”, which can cause accidental activation in unrelated conversations. In an agent skill that creates tasks, writes files, and may start local services, unintended invocation increases the chance of unwanted side effects without clear user intent.

Missing User Warnings

Medium (88% confidence)
Finding
The skill description states it will automatically create five tasks, write temporary files, and clean them up, but it does not clearly warn the user before these state-changing actions occur. This is dangerous because users may invoke the skill expecting tutoring only, while the skill modifies the local workspace and task state without informed consent.

Missing User Warnings

Medium (93% confidence)
Finding
The speaking module instructs the agent to write and run a local HTTP server that accepts microphone recordings and stores submitted results, but the document does not provide clear privacy, retention, or attack-surface warnings. Even though it binds to 127.0.0.1, it still processes sensitive voice data and opens a local service that could be misused by other local processes or expose private content through insecure handling.

Missing User Warnings

Low (82% confidence)
Finding
The document tells users to place Baidu TTS API credentials in a local reference file but does not explicitly label them as secrets or warn against accidental disclosure, logging, or committing them to shared storage. This can lead to credential leakage and unauthorized use of the third-party service.

Missing User Warnings

Medium (93% confidence)
Finding
The page records microphone audio, converts it to base64, and sends it to a local HTTP server for transcription without clearly informing the user that captured speech leaves the page and is transmitted for processing. Even though the destination is localhost, spoken content may contain sensitive personal data, and the lack of explicit disclosure and consent creates a real privacy/security issue in a voice-learning skill.

Missing User Warnings

Medium (94% confidence)
Finding
The submit flow sends both exercise targets and recognized speech results to the server without prior disclosure or confirmation. This exposes not only the user's speech-derived text but also learning content and timestamps, which can reveal study habits or personal utterances if the local service logs or forwards the data.

VirusTotal

65/65 vendors flagged this skill as clean.