ClawHub

Xiaozhi Teach Student Analyzer

Security checks across malware telemetry and agentic risk

Overview

This teacher analytics skill is not malware, but it needs review because it handles sensitive student performance data and can write analysis results to other teaching skills without clear per-use consent.

Install only if you are comfortable with a teaching assistant processing student performance and classroom-observation data. Before using cross-skill writeback, confirm what fields will be shared, prefer student IDs or aliases over names, and avoid sending individual student details unless the teacher explicitly requests it for an internal workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The skill documents writing analysis outputs to multiple downstream skills while separately claiming strict high-sensitivity protections, but the boundary is not consistently enforced or explained at the writeback point. This creates a real risk of unintended propagation of student-derived data or sensitive inferences across skills without explicit user awareness or per-destination minimization checks.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrases are broad, natural-language requests that can appear in many ordinary teaching conversations, but the skill does not define clear activation boundaries, exclusions, or confirmation steps. This can cause over-triggering, routing user input into a data-analysis workflow when the user may only be asking a casual question, increasing the chance of unintended data handling, misleading analysis, or inappropriate downstream actions.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases are broad enough to match ordinary teaching conversation, which can cause the skill to activate when the user did not intend detailed student-analysis behavior. In a skill that handles educational performance data and can write outputs to other skills, accidental activation increases the chance of unnecessary data processing and propagation.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill describes writing analysis outputs back to other skills but does not provide a clear user-facing warning or consent step at the point of data propagation. Because the content concerns student performance and behavioral signals, silent cross-skill sharing can expose sensitive educational data beyond the user's immediate expectation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal