EduClaw - Proactive English Tutor

Security checks across malware telemetry and agentic risk

Overview

This is a text-only tutoring/router skill whose behavior is broadly consistent with its education purpose, with minor disclosure and routing issues to consider.

Reasonable to install if you are comfortable with a child-focused tutor storing or remembering basic learning context such as name, grade, interests, points, and history. Do not treat the math authorization text as a real access-control system, and prefer a version that removes the hardcoded admin identifier and confirms before switching subjects on ambiguous input.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger phrase "学数学" ("learn math") is broad enough to appear in ordinary conversation, causing the skill to enter its first-interaction authorization flow unexpectedly. In this skill, that flow also discloses an administrator account identifier, which increases the practical risk of unintended activation and information exposure.

Vague Triggers

Medium
Confidence: 88%
Finding
The router relies on broad keyword matching and an unspecified LLM-based intent classifier without clear activation boundaries, which can misroute users to the wrong agent. In a child-focused educational context, this increases the chance of incorrect responses, policy bypass between specialized agents, or unintended access to agents not appropriate for the user's request.

VirusTotal

42/42 vendors flagged this skill as clean.
