Xiaozhi Teach Student Intake

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed student intake and trial-lesson workflow skill with privacy limits and no executable code, though users should be careful about entering student or parent details.

Install only if you want an agent to help with student intake and trial-lesson workflows. Before using it with real students, confirm consent, use aliases where possible, avoid entering IDs, addresses, income, or other high-sensitivity family information, and review any dashboard write-back or parent follow-up text before it is saved or sent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger phrases are broad, everyday expressions such as asking how to run a trial lesson or how to create a student profile. In an agent environment, this can cause the skill to activate outside its intended scope, leading to unsolicited collection of student/parent information or steering the conversation into intake and conversion workflows when the user only wanted general advice.

Vague Triggers

Medium
Confidence: 88%
Finding
The trigger section uses broad conversational phrases such as '安排一节试听', '学员档案怎么建', and '试听后怎么跟进' without clear exclusion logic, intent checks, or scope constraints. This can cause the skill to activate on ambiguous user messages and start collecting or structuring student/parent data in contexts where the user only wants general advice, increasing the risk of unnecessary handling of educational and contact information.

VirusTotal

64/64 vendors flagged this skill as clean.
