Xiaozhi Teach Review Planner

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed teacher review-planning skill with no executable code, but users should be mindful that it can use student learning data from related skills.

Install this if you want a structured review-planning workflow for teachers. Provide only the student learning data needed for planning, prefer aggregate or pseudonymized data, and review outputs before writing anything back to related student-analysis tools.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium (89% confidence)
Finding
The trigger phrase around line 24 is broad enough to match common teacher requests, which can cause this skill to activate when the user did not explicitly ask for structured review planning. Over-broad activation can misroute user intent, override more appropriate skills, and create unreliable behavior in multi-skill environments.

Vague Triggers

Medium (93% confidence)
Finding
The listed trigger phrases are ambiguous and lack clear activation boundaries, so multiple ordinary educational queries could invoke this skill unintentionally. In an agent system, ambiguous routing is a security-relevant quality issue because it can lead to prompt/scope confusion, unintended data sharing with linked skills, or suppression of the correct specialist skill.

Vague Triggers

Medium (86% confidence)
Finding
The skill metadata says it 'must activate' for several common teacher phrases such as asking for a review plan or chapter knowledge map. That creates an over-broad routing rule that can hijack normal conversation flow, trigger the skill when the user only wants lightweight advice, and unnecessarily pull in connected skills or data paths. In this educational context the impact is operational rather than directly exploitative, but it can still cause unintended data use and wrong-tool execution.

Vague Triggers

Medium (83% confidence)
Finding
The trigger section enumerates many broad utterances like '期中怎么复习' and '本章重点是什么' without clear boundaries, exclusions, or confidence thresholds. This increases unintended activation risk, especially because some phrases overlap with lesson planning, tutoring, assessment design, or general Q&A. Given the skill's downstream integrations, accidental invocation could lead to unnecessary processing of student-analysis inputs or inappropriate workflow selection.

VirusTotal

64/64 vendors flagged this skill as clean.
