ClawHub

ParentCN 全龄段育儿助手

Security checks across malware telemetry and agentic risk

Overview

This parenting skill appears coherent in purpose, but its pediatric feeding and allergy guidance needs human review because it may encourage unsafe home re-exposure after allergic reactions and lacks clear locale and medical-safety limits.

Review this skill carefully before installing, especially if it will answer infant feeding, allergy, or vaccine questions. It should be treated as general parenting content only, with local pediatric guidance required for immunizations, allergy symptoms, food reintroduction, prematurity, poor growth, eczema, reflux, or any concerning reaction.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill trigger description is extremely broad, covering nearly any parenting, feeding, sleep, vaccine, education, discipline, or content-generation query. This can cause unintended invocation in normal conversation, leading the system to route users into a specialized skill without clear consent or need, which is a real security and safety boundary issue for agent behavior.

Natural-Language Policy Violations

Medium
Confidence
82% confidence
Finding
The skill is written entirely for a Chinese-language and China-specific context, including vaccine schedules and parenting guidance, without stating locale limitations or offering adaptation. This can mislead users in other regions into receiving incorrect jurisdiction-specific health information, especially around immunization and care practices.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
This file provides detailed pediatric feeding schedules, food progression, and home allergy-response guidance for infants without an upfront recommendation to consult a pediatrician, especially for prematurity, growth concerns, eczema, prior reactions, or other medical conditions. In a parenting skill, users may treat the guide as authoritative medical advice, so omissions of professional-care guidance can lead to unsafe feeding decisions or delayed care.

Missing User Warnings

High
Confidence
99% confidence
Finding
The allergy section instructs caregivers to 'observe' mild reactions and to retry foods after fixed delays, including after vomiting or widespread rash, without clearly telling them to stop further exposure and contact a clinician after any suspected food allergy. For infants, repeat home exposure after a prior reaction can escalate to more severe allergic reactions and delay proper evaluation or emergency treatment.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal