Junyi Client Follow-up

Security checks across malware telemetry and agentic risk

Overview

The skill is coherent for monthly child follow-up, but it handles sensitive child and family replies and forwards them to a planner with weak consent, routing, and minimization boundaries.

Install only in a setting where parents have explicitly agreed that questionnaire replies may be sent to the assigned planner, including urgent red-line escalations. Configure PLANNER_CONTACT carefully, avoid group-chat use, require confirmation before sending or processing replies, and consider editing the templates to disclose forwarding and to share the minimum necessary information instead of full unredacted messages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Description-Behavior Mismatch

Medium
Confidence: 97%
Finding
The skill states it will not read or modify planning reports, yet the workflow explicitly reads plan_meta from the planning document and updates plan state/counters. This mismatch is a real security and trust issue because operators and users may grant the skill access under false assumptions, leading to unauthorized document access or modification beyond declared scope.

Intent-Code Divergence

Medium
Confidence: 92%
Finding
The skill claims it only collects and does not evaluate, but it performs red-flag screening, age/stage eligibility checks, and escalation decisions. These are substantive triage decisions that affect workflow and user outcomes, so the documentation understates the skill's decision-making role and could bypass appropriate review or consent expectations.

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The confirmation template says the planner will evaluate the feedback and provide updated advice, which directly contradicts the skill's declared scope of not doing evaluation, strategy adjustment, or report modification. In a child-development context, this can mislead parents into expecting individualized assessment and guidance that may be outside process, qualification, or safety controls.

Vague Triggers

Medium
Confidence: 89%
Finding
Broad trigger phrases like '复盘一下' ("let's do a review") or '跟进一下孩子' ("follow up on the child") are common conversational language and can cause accidental invocation. In this skill's context, unintended activation could send questionnaires, process sensitive child-related data, or forward family information to a planner without the user's clear intent.

Vague Triggers

Medium
Confidence: 94%
Finding
The collect-reply mode activates on '收到家长回复' ("received the parent's reply") without defining channel, thread, identity, or whether the message is actually a questionnaire response. That ambiguity can cause unrelated or misattributed messages to be ingested, screened for high-risk content, and forwarded to the planner, creating privacy breaches and incorrect case handling.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill forwards parent feedback to the planner and, for flagged cases, sends the parent's original text, but the description does not clearly warn users of this data sharing. Because the content concerns children, emotions, safety incidents, and family events, failing to disclose forwarding behavior materially increases privacy and consent risk.

Missing User Warnings

Medium
Confidence: 95%
Finding
The rule requires immediate forwarding of parents' original feedback, potentially including sensitive child-health, family-crisis, and safety-incident details, together with identifiers and plan context, without any privacy notice, minimization rule, or consent boundary. In a child-focused workflow, this increases the risk of over-sharing highly sensitive personal data internally and can violate least-privilege and privacy expectations.

Missing User Warnings

Medium
Confidence: 96%
Finding
The forwarding templates embed identifiable child information, age, plan ID, follow-up count, and potentially sensitive parent feedback, yet provide no warning, consent language, minimization requirement, or access-control guidance. Because the skill serves children aged 0-8 and may process medical or family-change signals, the privacy impact is elevated and mishandling could expose especially sensitive data.

VirusTotal

64/64 vendors flagged this skill as clean.