ClawHub

Xiaozhi Teach English Assessment

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed English assessment workflow skill with no executable code, though its broad triggers and student-profile writeback deserve user awareness.

Install only if you want teacher-facing English assessment workflows. Because it can create or update student ability profiles, use pseudonyms where possible and confirm before letting outputs be written back into other student-analysis or lesson-planning tools.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger phrases are generic educational queries such as asking about a student's English level or comprehensive assessment, which can easily occur in ordinary teacher conversations. This can cause over-broad or unintended activation, leading the agent to invoke this skill in contexts where the user did not explicitly request structured assessment behavior.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The activation instructions use broad natural-language phrases such as asking about a student's English level or assessment, which are common in ordinary teacher workflows and can cause the skill to trigger unintentionally. In an agent system, overbroad routing can expose student assessment data paths, override a more appropriate skill, or produce outputs outside the user's actual intent.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger table includes ambiguous phrases like '学员英语水平如何' and '学员英语弱' without activation boundaries, making unintended invocation likely. Because this skill writes profiles and intervention outputs to other skills, accidental activation could propagate mislabeled assessment data or inappropriate educational recommendations across connected components.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal