ClawHub

Xiaozhi Learning Plan

Security checks across malware telemetry and agentic risk

Overview

This is a coherent learning-plan skill, but it needs review because it can use student history and produce parent-facing emotional or anxiety inferences without a clear consent model.

Review this carefully before installing for students, especially minors. Use it only with explicit consent for learning-record access, ongoing monitoring, reminders, and any parent dashboard. Avoid or disable parent-facing emotional/anxiety summaries unless there is a clear guardian/student consent and privacy process.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill includes parent-facing summaries of emotional state, anxiety, and avoidance signals, which are sensitive inferences that exceed a narrow study-planning function. Sharing such inferred mental-state information to parents without a clearly defined consent, necessity, and disclosure model can expose minors to privacy harm and inappropriate profiling.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The skill advertises use of 'real learning data' but later relies on an emotion profile that is not disclosed in the manifest or early user-facing description. This creates a transparency and scope-expansion problem: users may consent to academic planning while unknowingly being subjected to sensitive emotional inference and downstream sharing.

Vague Triggers

High
Confidence
90% confidence
Finding
The trigger language is overly broad and says the skill 'must' activate for many common study-planning requests, reducing user choice and increasing the chance that historical learning data is pulled in by default. In a context involving student records and potentially minors, aggressive auto-invocation materially raises privacy and over-collection risk.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill describes use of historical learning data and parent-facing summaries but does not provide an upfront privacy or data-use warning before those capabilities are introduced. Without a clear notice about what data is accessed, who may see outputs, and under what conditions, users cannot give meaningful informed consent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal