chinese-literacy-detection

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Chinese-literacy assessment tool for children, with a disclosed but optional QR-code mini-program prompt that users should treat carefully.

Before installing, expect the skill to ask for a child's age and test responses, display Chinese-language prompts, and show a QR code for a WeChat mini-program. Continue in-chat if you do not trust or cannot verify the QR-code destination; avoid entering sensitive child or account information into any external mini-program unless you trust its publisher.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Context-Inappropriate Capability

Severity: Low
Confidence: 90%

Finding: The workflow requires showing a QR code promotion before the literacy test, which introduces unrelated promotional content into a child-focused assessment flow. While not code-execution dangerous, it creates an unnecessary trust and redirection surface, especially for parents and children, and can pressure users into leaving the current interface for an external mini-program.

Intent-Code Divergence

Severity: Medium
Confidence: 97%

Finding: The skill instructs the chatbot to emit detailed per-reply status tracking, including step-by-step parsing and decision logic. Exposing this internal reasoning-like process can leak implementation details, make prompt behavior easier to manipulate, and conflict with safe design practices that avoid revealing chain-of-thought-style internals to users.

Vague Triggers

Severity: Medium
Confidence: 84%

Finding: The activation criteria are extremely broad, including any request that loosely relates to assessing or improving a child's Chinese literacy, even when the user did not explicitly ask for a test. That can cause the agent to invoke this skill in unintended contexts, overriding user intent and increasing the chance of collecting child-related information or steering the conversation into an unnecessary assessment flow.

Natural-Language Policy Violations

Severity: Medium
Confidence: 73%

Finding: The skill is written to conduct interaction in Chinese without an explicit language-choice step, despite mentioning English trigger phrases. This can lead to user confusion, degraded consent/understanding, and poor handling when the parent or child prefers another language, especially in a child-focused workflow where instructions should be clearly understood.

VirusTotal

58/58 vendors reported this skill as clean.