Xiaozhi Teach Lesson Planner

Security checks across malware telemetry and agentic risk

Overview

This is a lesson-planning skill made of Markdown guidance only, and the reviewed behaviors fit its teaching-design purpose.

Installers should treat this as a teaching assistant for lesson-plan drafting, not an autonomous student-record system. Use anonymized class summaries, avoid real student identifiers, and confirm any generated plan before using it in class.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 94%
Finding
The trigger phrases are common, natural-language requests such as asking for a lesson plan or how to teach a class, which makes accidental or over-broad activation likely. In an agent environment, this can route users into this skill when they intended a different educational workflow, causing misfires, context hijacking, or suppression of more appropriate tools.

Vague Triggers

Medium
Confidence: 94%
Finding
The front-matter description says the skill must activate on broad phrases like '写一份教案' and '这节课怎么上', which are common conversational requests and lack narrow routing constraints. This can cause unintended invocation, hijack user intent from other teaching or general-assistance skills, and increase the chance that downstream data-dependent behavior is triggered without the user explicitly asking for this specific workflow.

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger table mixes many adjacent scenarios—new lesson design, review class, exam commentary, revising prior plans, question design, and group lesson-prep—without clear decision boundaries or required parameters. In a multi-skill environment this ambiguity can lead to over-activation, incorrect routing, and accidental collection or use of class-analysis context when a narrower or different skill should have handled the request.

VirusTotal

62/62 vendors flagged this skill as clean.
