Xiaozhi Teach Solo Dashboard

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent teacher dashboard, but its broad automatic triggers could cause student and parent workflow data to be read when the user only asked a generic planning question.

Install only if you intend this skill to handle independent-teacher dashboard requests. Use explicit teacher-workbench prompts, and consider narrowing activation or adding confirmation before it reads student, parent, homework, or course-hour data for generic requests like “what should I do today?”

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium (94% confidence)
Finding
The trigger phrases are broad, conversational requests like '今天有哪些课/今日待办' and '我今天该怎么安排', which can easily overlap with normal user dialogue outside a narrowly intended dashboard context. This can cause unintended skill activation, leading the agent to access or reorganize sensitive teacher/student workflow data when the user may have meant a generic planning request.

Vague Triggers

Medium (93% confidence)
Finding
The skill declares broad trigger phrases such as variants of '今天我要做什么' and '帮我整理今天课表', and even says it 'must activate' on such requests. This can cause the dashboard skill to hijack generic planning or scheduling requests that may belong to other skills or normal assistant behavior, leading to unnecessary access to shared workspace data and incorrect workflow execution.

Vague Triggers

Low (86% confidence)
Finding
Trigger scenarios like '早间启动' and '复盘' are underspecified and can match many unrelated conversational contexts. In a skill that aggregates sensitive student, parent, and course-package data, ambiguous activation increases the chance of over-triggering and exposing or processing data when the user did not clearly request the teacher dashboard.

VirusTotal

64/64 vendors flagged this skill as clean.