ClawHub

父母的功课

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a parenting-support package, but it bundles under-scoped local data access/storage and developer publishing automation that users should review before installing.

Review before installing. Do not run scripts/maintenance.py unless you intend to let it modify the git checkout, and do not set ALLOW_AUTO_PUSH or ALLOW_AUTO_PUBLISH casually. Treat any saved assessment or action-planning data as sensitive family/mental-health information, check both SKILL_DIR/data and ~/.hermes/still_growing, and do not rely on this skill as emergency or professional mental-health support.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (79)

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The changelog describes a maintenance script that can automatically check changes, commit, push, and publish. In a parenting-dialogue skill, repository/network automation is out of scope and materially increases the attack surface: if triggered unintentionally or abused, it could exfiltrate content, modify project history, or publish unreviewed changes from an environment that may contain sensitive local data.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
Automatic git push/publish capability is especially risky here because the skill handles sensitive family and psychological context, and the metadata mentions local storage of assessment history and session state. Even if gated by environment variables, such capability creates a path for accidental or unauthorized publication of sensitive data or project contents, which is context-inappropriate and dangerous for a support skill.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The documentation states local statistics are stored under SKILL_DIR/data/, but the runnable tool descriptions show writes to ~/.hermes/still_growing/ in the user's home directory. This creates a trust and data-boundary mismatch: users or host platforms may believe data is sandboxed to the skill directory when it is actually persisted outside it, which can lead to unintended retention, cross-skill exposure, or privacy policy violations. In this parenting/mental-health context, the stored data may include sensitive emotional logs and assessments, making the discrepancy more serious than a generic path inconsistency.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The script stores detailed user-provided reflections and child-response content to disk, which goes beyond minimal operational state and can include sensitive family and behavioral data. In a parenting/mental-health-adjacent skill, this creates privacy risk through unintended retention, local disclosure, backup/sync exposure, or access by other local users/processes.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The engine advertises a shouldBeSilent safeguard for users in acute pain, but analyze() continues with pattern detection, layered defense inference, and recommendations even when self-deception detection suppresses itself. In a mental-health-adjacent parenting support skill, this can cause the system to analyze and steer vulnerable users when the stated safety rule says it should stop, increasing risk of harmful or inappropriate responses during crisis-like disclosures.

Description-Behavior Mismatch

High
Confidence
94% confidence
Finding
The script explicitly documents automatic push to GitHub and publication to ClawHub, which are external distribution actions unrelated to the skill's stated local parenting-support function. In skill ecosystems, bundling release/deployment behavior expands the trust boundary and can exfiltrate repository contents or propagate unintended changes if executed in an agent or operator environment.

Context-Inappropriate Capability

High
Confidence
90% confidence
Finding
This section establishes a generic subprocess wrapper for git and publishing tool invocation, enabling repository mutation and external tool execution from within the skill package. For a parenting dialogue support skill, that capability is unjustified and increases the risk of unintended code execution pathways and outbound side effects in environments that trust the package.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The code can push to GitHub and publish to ClawHub, directly enabling outbound distribution of local repository state. Even though environment variables are checked, those are weak controls in shared or automated environments, and the capability is materially more dangerous because it is unrelated to the declared purpose of the skill and could leak data or spread unreviewed changes.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The audit report documents a direct mismatch between the skill's stated behavior and actual local persistence to ~/.hermes/still_growing/. In a parenting/psychological support context, undisclosed storage of sensitive family and emotional data creates a meaningful privacy and trust risk even if the data is only stored locally.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The file records that data is stored in a user home directory despite claims that storage is limited to SKILL_DIR/data/ and not externally transmitted. Writing sensitive conversation-derived data into a broader user-scoped location increases exposure, makes behavior less predictable, and undermines informed consent.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The audit notes that the skill claims crisis situations should immediately stop analysis, yet it continues analytical dialogue for self-harm/suicide scenarios. In a mental health-adjacent parenting support tool, this inconsistency is especially dangerous because it may delay escalation to crisis resources and produce unsafe guidance during acute risk.

Intent-Code Divergence

Medium
Confidence
81% confidence
Finding
The report indicates a contradiction between a 'no external network requests' claim and references to OpenAlex API usage. Even if the file itself is only documentary, such a mismatch signals possible undisclosed outbound connectivity, which can lead to unanticipated data exposure or policy bypass if implemented elsewhere in the skill.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The documentation claims data is stored only under the skill-local data directory and not externally transmitted, but the runnable tool descriptions say it writes mood and assessment data to ~/.hermes/still_growing/ in the user's home directory. This is a real integrity and privacy issue because users and operators may make trust decisions based on incorrect storage claims, and the data involved is sensitive mental-health/behavioral information.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The planner stores persistent data under the user's home directory (`~/.hermes/still_growing`) rather than a skill-scoped local data path described by the skill metadata. In a parenting/mental-health-adjacent context, this increases privacy risk because sensitive family interaction history may be written to an unexpected location, retained longer than intended, and become accessible to other local processes, backups, or users with access to the home directory.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
`record_feedback` persists detailed free-text fields including what worked, what didn't, child response, lessons learned, and next adjustment. That goes beyond lightweight evaluation statistics and creates a sensitive behavioral history about a child and parent interactions, which is especially risky given the emotional and family-focused nature of this skill.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The file asserts that its research support is 'real and verifiable' while mixing in references that appear inconsistent, weakly sourced, or not readily verifiable. In a parenting and mental-health support skill, this can mislead users into treating non-validated claims as evidence-based guidance, which increases the risk of harmful or delayed decisions in sensitive family or child safety situations.

Intent-Code Divergence

Low
Confidence
90% confidence
Finding
The document says all listed studies can be verified directly via DOI, but later entries do not provide DOI values. This undermines traceability and can create false confidence in the rigor of the material, especially where users may rely on the document's authority rather than checking sources themselves.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
Citing 'Child Development AI, 2024' as though it were a standard academic source is misleading because it does not follow recognizable scholarly citation conventions and may represent an internal synthesis or non-peer-reviewed artifact. In a psychological support skill, opaque sourcing can cause users to overtrust recommendations that appear scientific but are not transparently attributable.

Intent-Code Divergence

Low
Confidence
84% confidence
Finding
The text presents items as 'latest academic research' while including arXiv preprints and partially published material without clearly distinguishing their review status. That mismatch can overstate certainty and cause readers to treat preliminary findings as settled evidence in high-stakes parenting or mental-health contexts.

Intent-Code Divergence

Low
Confidence
86% confidence
Finding
Embedding content sourced from 'ai_agent_integration.py (.jvs backup)' inside a psychology foundations section blurs the line between empirical evidence and internally generated heuristic content. This can misrepresent implementation artifacts as scientific support, making downstream advice seem more authoritative than warranted.

Intent-Code Divergence

Low
Confidence
83% confidence
Finding
Labeling aggregated local notes and search-derived material as a formal 'research database' gives it an inflated sense of authority and may obscure its provenance. In a skill dealing with child wellbeing and crisis-adjacent topics, provenance opacity can lead users or maintainers to trust synthesized claims more than the evidence justifies.

Intent-Code Divergence

Low
Confidence
89% confidence
Finding
The document exposes a hard-coded absolute local filesystem path to another skill's script under a user home directory, which contradicts the stated self-contained SKILL_DIR/data model. While this does not itself execute code, it can leak environment structure, reveal cross-skill dependencies, and encourage unsafe path assumptions that may break portability or be abused if downstream tooling follows referenced paths.

Description-Behavior Mismatch

Low
Confidence
85% confidence
Finding
The document embeds an absolute filesystem path to a script outside the current skill (`/Users/apple/.jvs/.openclaw/skills/skills/still-growing/...`). This creates an unintended cross-skill dependency and leaks local environment structure, which can break portability and expose internal directory layout useful for reconnaissance.

Vague Triggers

Medium
Confidence
72% confidence
Finding
The trigger list contains broad distress phrases such as general exhaustion or overwhelm that can appear in ordinary conversation, making false-positive crisis routing likely. In this context that can suppress normal assistance, misclassify users, or over-collect/store sensitive crisis-related state for non-crisis conversations.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This section discusses adolescent trauma, responsibility, therapy, and recovery in a way that could be interpreted as therapeutic guidance, but it does not tell users that the material is not a substitute for licensed mental-health care or crisis support. In a parenting/psychological support skill, that omission increases the risk that distressed users rely on the framework during situations involving self-harm, abuse, severe depression, or acute family conflict instead of seeking appropriate professional help.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal