Xiaozhi Skill Coordinator

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed educational coordinator that reads and writes learning-system summaries only within stated user-consent and task-scope limits.

Install only if you want a central learning coordinator that can combine summaries from multiple Xiaozhi learning skills and, with consent, update learner profiles or reminders. Before using it with students, confirm which source skills may be queried, whether profile writeback is allowed, and when reminders may be created.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Description-Behavior Mismatch

Severity: Medium
Confidence: 92%
Finding: The skill’s stated scope is bounded, minimal-necessary coordination for a current task, but this section expands it into a cross-agent orchestration and write-capable hub with schema-governed handoffs and potential persistent writeback. That creates a privilege/scope mismatch: a coordinator that can trigger downstream writes to long-term stores materially increases the blast radius of prompt misuse, over-collection, or unauthorized persistence, even if the document also mentions consent and validation.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding: Documenting profile_writeback to a long-term learning DNA store gives this coordination skill a path to modify persistent learner profiles beyond simple task-time aggregation. Even with schema validation, the core risk remains unauthorized or excessive retention of sensitive educational inferences, which can poison future personalization and create privacy/compliance issues if triggered too broadly or without robust consent enforcement.

Vague Triggers

Severity: Medium
Confidence: 81%
Finding: Broad conversational activation phrases, such as requests for a monthly panoramic report or whether the learning system is running well, can cause the skill to trigger in situations where the user did not intend cross-skill aggregation. In a coordinator handling multiple educational data sources, unintended invocation raises the chance of unnecessary data access, implicit consent bypass, and over-broad processing, even if the text says to use minimal fields.

VirusTotal

64/64 vendors reported this skill as clean.