Xiaozhi English Grammar Coach

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only English grammar coaching skill with disclosed learner-progress tracking, but users should understand its coaching and profile-sharing behavior before enabling it.

Install this if you want a Socratic grammar coach that tracks recurring grammar weaknesses over time. Before using persistent tracking, confirm where the grammar DNA is stored, whether other Xiaozhi learning skills can receive handoffs, and how to turn off reminders or long-term learner profiling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 90%
Finding
The reference document materially broadens the skill from grammar coaching into a general English-learning orchestration layer covering pronunciation, listening, writing logic, and other skills. This creates scope drift between manifest and implementation guidance, which can cause the agent to collect, classify, or act on user inputs outside the user-expected purpose and outside reviewed boundaries.

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
Requiring this grammar skill to classify and track pronunciation, listening, and writing-logic errors expands data processing beyond its declared purpose. Even without direct code execution, this can lead to unauthorized profiling of users' broader learning weaknesses and trigger behaviors not disclosed in the skill metadata.

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The documented cross-skill routing and data-flow rules give this skill authority to push findings to other skills and participate in multi-skill tracking, but these responsibilities are not described in the manifest. Hidden data sharing and orchestration paths are dangerous because they can bypass user expectations, complicate review, and spread sensitive educational profiling across components without clear consent or least-privilege controls.

Vague Triggers

Medium
Confidence: 90%
Finding
The skill mandates activation for a very broad set of common English-grammar requests ('must activate this SKILL') without clear scope limits or fallback behavior. In an agent system, this can override normal intent routing and user preference, causing the skill to capture interactions too aggressively and potentially trigger unwanted tracking or rigid workflows in benign contexts.

Natural-Language Policy Violations

Medium
Confidence: 93%
Finding
The skill hard-codes a non-optional teaching policy ('never directly give answers') that can conflict with explicit user requests for direct correction or concise help. This reduces user agency and can produce unsafe or degraded behavior in downstream agent orchestration by forcing a fixed interaction style even when the user does not consent to coaching mode.

VirusTotal

64/64 vendors flagged this skill as clean.