Xiaozhi Teach English Speaking Designer

Security checks across malware telemetry and agentic risk

Overview

This is a text-only English speaking lesson design skill; the main practical risk lies in how student voice recordings and speaking profiles are handled.

Installers should treat this as a classroom-planning skill, not an automated data collector. Before using it with real students, especially minors, require consent, use pseudonyms, store recordings securely, limit who can access them, keep them only as long as needed, and avoid sending student audio or profiles into other tools unless explicitly authorized.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Severity: Medium
Confidence: 89%
Finding
The trigger phrases are very broad, generic teaching questions and can match ordinary conversation outside the intended skill scope. This can cause unintended activation, routing users into the skill when they did not ask for structured speaking-activity design, increasing the prompt-hijacking surface and reducing the reliability of tool selection.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
The trigger section lists very common teaching-related phrases and does not define exclusion rules, priority logic, or disambiguation criteria. In an agent platform, this can cause the skill to activate outside its intended scope, leading to inappropriate routing, user confusion, and unnecessary access to student-related workflow outputs such as speaking profiles or feedback artifacts.

Vague Triggers

Severity: Medium
Confidence: 95%
Finding
The manifest states the skill 'must activate' on several broad, common instructional phrases, which increases the chance of overbroad auto-invocation at the platform level. Even without malicious code, mandatory activation on generic language can misroute conversations and expose downstream integrations or student-analysis interfaces more often than necessary.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The document explicitly instructs teachers to prepare and retain student speech audio samples for later review, but it provides no guidance on consent, minimization, retention limits, access control, or anonymization. In an education context involving minors ('初二', i.e. the second year of junior high school), this creates a real privacy and compliance risk because voice recordings are personal data and may be sensitive in school settings.

VirusTotal

64/64 vendors flagged this skill as clean.