ClawHub

Xiaozhi Teach Homework Tracker

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a homework-tracking teaching assistant, but its mandatory broad activation could cause unintended access or updates to student-related records.

Review before installing if this agent has access to real student records. Use it only where homework tracking and student diagnostics are intended, and prefer a version that requires explicit homework/student context or confirmation before reading or updating linked records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrases include broad natural-language requests such as '下节课讲什么/预诊断' and '作业没交怎么办', which can match ordinary teaching conversations without strong scoping to homework-tracking operations. This can cause unintended skill activation, leading to incorrect routing, over-collection of student performance data, or interference with other teaching skills in ways that affect privacy and workflow integrity.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger list includes broad natural-language phrases such as '下节课讲什么' and '作业状态怎么追', combined with '必须激活此SKILL', which can cause the skill to activate outside a clearly bounded homework-tracking context. This creates routing confusion and unintended data handling, especially because the skill reads from and writes to several other teacher/student profile components.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill mandates activation for several phrases but does not define exclusion conditions, disambiguation rules, or when another skill should take precedence. In a multi-skill environment, this ambiguity can misroute requests, over-collect student-related status data, and trigger unnecessary writes to downstream systems like student-analyzer, lesson-log, or solo-dashboard.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal