High School Study Assistant (高中学习助手)

Security checks across malware telemetry and agentic risk

Overview

This is a Markdown-only Chinese tutoring skill with disclosed study-file handling and no evidence of hidden code, credential use, network access, or destructive behavior.

This skill appears safe to install for tutoring use, but users should avoid uploading private student records or sensitive personal documents unless their runtime clearly explains where indexed files are stored, how long they are kept, and how to delete them. Expect possible activation on general Chinese “why/how/teach me” requests because some triggers are broad.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 96%
Finding
The trigger list contains very generic phrases such as “我不会”, “为什么”, “什么意思”, and “怎么做”, which commonly appear in ordinary conversation and across many unrelated tasks. This can cause unintended activation, routing users into the tutoring skill when they did not request it, which may lead to incorrect handling of user requests and unnecessary access to conversation context or uploaded study materials.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill explicitly says uploaded files will be read, indexed, and stored, but it does not disclose retention limits, consent boundaries, storage location, or how sensitive student data is protected. In an education context, uploaded materials may include personally identifiable information, school records, or copyrighted content, so silent persistence increases privacy and compliance risk.

Overly Broad Trigger

Low
Category: Trigger Abuse
Confidence: 98%
Finding
The trigger “教我” is extremely short and broadly applicable, so it is likely to match many non-tutoring requests and accidentally invoke the skill. While this is less severe than direct data exfiltration, it still creates misrouting risk and can expose additional context or file-processing behavior to requests that were not meant for this skill.

VirusTotal

66/66 vendors flagged this skill as clean.
