Xiaozhi Physics Problem Coach

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only physics tutoring skill whose learning-record features are purpose-aligned and disclosed, though users should understand the optional progress-tracking data flows before enabling them.

Install only if you are comfortable with a physics tutor keeping progress/error records for personalization. For students or minors, confirm that long-term error-DNA or learning-DNA updates are enabled only with informed consent, and look for controls to review, disable, or delete stored learning records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding:
The archive step expands the skill from tutoring into persistent learner profiling by generating error DNA records, updating learning DNA, and retaining detailed student performance data. In an education context this is sensitive behavioral profiling, and doing it by default creates privacy and purpose-limitation risks, especially for minors.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding:
The workflow sends detailed student records to multiple downstream systems such as 物理错误DNA (physics error DNA), 学习DNA (learning DNA), and a general error notebook without any visible justification or consent boundary in the skill definition. Cross-system propagation increases data exposure, makes secondary use more likely, and amplifies harm if any connected system is misconfigured or later repurposed.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The design includes OCR or multimodal recognition, persistence of student work, and resumable session state, but the workflow text does not present any user-facing notice about what is collected, how long it is stored, or who can access it. Because the skill processes student-submitted images and learning records, silent retention creates meaningful privacy risk and undermines informed consent.

Missing User Warnings

Severity: High
Confidence: 97%
Finding:
The archive workflow explicitly pushes detailed student answer data, error classifications, root-cause analysis, and related metadata into other tracking systems without any clear warning or opt-in. This is particularly dangerous in a student coaching context because it enables broad profiling and reuse of sensitive educational data beyond the immediate tutoring interaction.

VirusTotal

64/64 vendors flagged this skill as clean.