Xiaozhi Teach Schedule Manager

Security checks across malware telemetry and agentic risk

Overview

This is a text-only teaching schedule helper. Its handling of sensitive student-schedule data is disclosed and bounded by teacher confirmation.

Install only where the agent is allowed to handle student scheduling and lesson-hour records. Use pseudonyms, avoid adding real names or parent contact details, and confirm any write-back or parent-facing message before it is sent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 91%
Finding
The activation rules use broad natural-language triggers such as “排课”, “调课”, “补课”, “本周课表”, and “下一节课谁”, and the metadata says the skill 'must' activate when they appear. In ordinary teacher-parent or teacher-student conversations, these phrases can occur casually, causing unintended invocation of scheduling logic and unnecessary access to student scheduling and lesson-package data. The context reduces severity somewhat because the skill is business-oriented rather than code-executing, but it still handles sensitive educational records, so over-triggering can expose or propagate private operational data.

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger examples are very short and ambiguous, including phrases like “调课”, “补课”, “本周课表”, “有没有冲突”, and “我下一节课是谁”, without boundaries that distinguish operational requests from general discussion. This increases the chance of accidental skill routing during unrelated dialogue, which can lead to inappropriate retrieval, display, or writing of schedule and lesson-accounting information across connected skills such as dashboard and parent-communication.

VirusTotal

63/63 vendors flagged this skill as clean.
