ClawHub

Xiaozhi Teach Assignment Designer

Security checks across malware telemetry and agentic risk

Overview

This teacher-assignment skill is coherent and purpose-aligned, with disclosed student-data integrations and no malware or hidden execution behavior found.

Install if you want a teacher workflow for differentiated homework and rubrics. Before using it with real students, confirm your school’s rules for storing or sharing learning data, and prefer anonymized or aggregate inputs unless the connected student-analyzer is approved for that data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrases are broad, common teacher-language expressions such as '帮我设计作业' and '分层作业', which can overlap with ordinary conversation and cause the skill to activate when the user did not explicitly intend to invoke it. This is not a code-execution issue, but it can create incorrect routing, unintended access to connected workflows like student-analyzer, and user confusion in a multi-skill environment.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill mandates activation for a very broad set of common teacher requests, which can override normal skill-selection discretion and cause the system to route many unrelated or only partially related prompts into this skill. That creates a prompt-routing integrity risk: users may be forced into a workflow with hidden assumptions, downstream data dependencies, and potential writeback behavior they did not explicitly request.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill advertises data interfaces with lesson-planner and student-analyzer and later describes writing assignment results back into student-analyzer, but the top-level description does not clearly warn users that student-related data may be transmitted across skills. In an education context, even partially de-identified performance data is sensitive, so undisclosed cross-skill sharing increases privacy, consent, and data-governance risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal