Xiaozhi Teach Chinese Reading Guide

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese reading-instruction skill with disclosed student progress tracking, but no executable code or hidden system access.

Install only in contexts where teachers are authorized to track student reading progress. Use pseudonyms, avoid unnecessary personal details, keep records in approved school systems, and confirm before syncing assessment data to student-analysis, resource-library, parent-communication, or student-facing tools.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence: 91%
Finding
The skill mandates activation for very common classroom phrases such as asking how to teach a text or reading comprehension, which creates over-broad routing and reduces user control. In a teaching workflow, this can cause unintended invocation, context capture, and unnecessary processing or sharing of student-related inputs with connected skills.

Vague Triggers

Medium
Confidence: 88%
Finding
The listed trigger phrases are broad and ambiguous, covering routine educational discussion without clear boundaries for when the skill should or should not run. This increases the chance of accidental activation during unrelated teacher conversations, which is more concerning because the skill integrates with student-analysis and downstream systems.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill explicitly states that it will build data interfaces with student-facing and student-analysis systems, but it does not present a clear user-facing notice, consent gate, or data-minimization rule at the point of use. Because the data concerns student reading ability and assessment, silent sharing can expose educational profiling data across systems.

Missing User Warnings

Medium
Confidence: 93%
Finding
The documented workflow sends reading-growth and assessment outputs into student-analyzer and other downstream components without an operational warning about privacy implications or access controls. In context, this is student performance data, so unintended propagation can enable overcollection, profiling, or broader exposure than the teacher expects.

Missing User Warnings

Medium
Confidence: 92%
Finding
The file explicitly instructs teachers to maintain pseudonymized student profiles, reading-interest lists, and growth records, but provides no privacy, consent, retention, or access-control guidance. In an education context this can lead to unnecessary collection of student behavioral data, re-identification risks, and insecure handling of potentially sensitive learner information.

VirusTotal

64/64 vendors flagged this skill as clean.
