语文写作教练 (Chinese Writing Coach)

Security checks across malware telemetry and agentic risk

Overview

This Chinese writing-coach skill is mostly purpose-aligned, but it should be reviewed because it can persist student writing and build long-term writing profiles without clear retention, deletion, or consistently enforced consent controls.

Install only if you are comfortable with student writing samples, topics, and inferred writing weaknesses being remembered for coaching. For minors or classroom use, get clear consent, avoid sensitive personal details in drafts, and look for a way to inspect, disable, or delete the writing DNA/profile memory before relying on it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding: The state machine explicitly defines persistent tracking fields and later updates long-term writing-profile records, while the skill metadata says long-term style tracking should only be enabled after explicit user consent. This creates a privacy and policy violation risk because student writing content and inferred traits may be stored by default without a clear consent gate.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding: The instruction to invoke this skill for essentially any writing, composition, argumentation, or debate-related Chinese-language scenario is overly broad and can hijack unrelated user intents. In a multi-skill environment, this can cause inappropriate routing, reduce user control, and trigger memory-bearing tutoring workflows where the user did not explicitly ask for them.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding: Several trigger phrases are common and ambiguous, so the skill may activate on ordinary conversation that only loosely mentions writing help. That creates unsafe prompt-routing behavior: the assistant may enter a rigid workflow, collect or retain extra student data, or refuse otherwise appropriate assistance based on a mistaken classification.

Natural-Language Policy Violations

Severity: Medium
Confidence: 81%
Finding: Forcing Chinese-language operation without offering user choice can cause the assistant to ignore user preference or accessibility needs, which is a control and safety issue in skill invocation. While not a classic exploit vector, it can lead to miscommunication, incorrect guidance, or unintended disclosure if the user responds in a language they are less comfortable using.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding: The document specifies persistence of essay topics, student outputs, progress, and resume behavior, but does not mention notice, retention limits, or privacy disclosures. Because this skill handles student writing, silent retention can capture potentially sensitive educational data and increase compliance and data-governance risk.

Ssd 3

Severity: Medium
Confidence: 94%
Finding: The persistence guidance says to store the current step, step progress, and collected student outputs for recovery, which exceeds strict operational necessity and creates a natural-language retention surface. If exposed through logs, support tooling, prompts, or future sessions, prior student writing and context could be leaked or unnecessarily reused.

Ssd 3

Severity: Medium
Confidence: 96%
Finding: The instruction to write user-derived 'DNA' and error-tracking archives creates an ongoing profile of a student's writing traits and weaknesses. Persistent profiling of educational content is sensitive, especially when tied to iterative writing sessions, and can lead to privacy harms if done without explicit consent, minimization, and governance.

VirusTotal

VirusTotal findings are pending for this skill version.