headteacher

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built for class management, but it needs review because it handles sensitive student records, cloud Feishu workspaces, and local/account identifiers with incomplete privacy and redaction controls.

Install only if you are authorized to process the relevant student data and connect it to the chosen Feishu/Lark tenant. Use test or redacted data first, review Feishu permissions, run dry-runs before bootstrap/import/export, restrict access to generated Office files, and avoid sharing logs or transcripts that may contain Base tokens, account metadata, or student information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (14)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 93%
Finding
The skill declares powerful capabilities via `allowed-tools: Read, Write, Edit, Bash` and instructs the agent to execute local Python and shell commands that can read environment state, modify files, and access external services. For a user-invocable skill handling sensitive student records, this creates meaningful risk if the skill is triggered in the wrong context or if referenced tools/scripts behave unsafely, especially since there is no fine-grained permission model or explicit consent checkpoints around shell execution and data access.

Description-Behavior Mismatch

Medium
Confidence: 99%
Finding
The tool includes the supplied Feishu `base_token` in its output even though the script's purpose is classification, not credential display. Printing secrets to stdout can leak them into terminal history, CI logs, agent transcripts, observability pipelines, or downstream tools, enabling unauthorized access to the referenced Base.

Missing User Warnings

Medium
Confidence: 89%
Finding
The README explicitly positions the skill as a tool for ongoing management of student data, but it does not warn about handling minors' personal information, consent, retention, or applicable privacy obligations. In an education context, this omission is risky because users may upload sensitive student records without understanding the compliance and confidentiality implications.

Missing User Warnings

Medium
Confidence: 86%
Finding
The skill advertises importing student data and generating Office documents, but does not clearly warn that these operations can create persistent artifacts containing sensitive information or modify external systems. This increases the chance that users will generate, store, or share files with student data insecurely.

Missing User Warnings

Medium
Confidence: 92%
Finding
The installation and onboarding flow encourages initialization of Feishu/Lark integrations for managing class data, but does not clearly disclose that student information may be transmitted to third-party services via APIs or plugins. Because this involves external platforms and likely cloud processing of minors' data, the absence of a transmission warning and consent/compliance guidance is materially dangerous.

Missing User Warnings

Medium
Confidence: 90%
Finding
The README encourages importing, updating, and querying student rosters, scores, behavior, and parent communication records, which are sensitive education records, but provides no privacy, consent, access-control, or data-minimization guidance. In a school context, this omission can lead users to process regulated student data insecurely, increasing the risk of unauthorized disclosure or misuse through the agent, backend, or generated outputs.

Missing User Warnings

Medium
Confidence: 88%
Finding
The README promotes generating Word, Excel, and PowerPoint artifacts from class data without warning that exported files may contain personally identifiable and highly sensitive student information. Exported documents are often easier to copy, share, email, or store outside controlled systems, so missing safeguards materially increases the chance of accidental data leakage.

Missing User Warnings

Medium
Confidence: 87%
Finding
The README promotes ongoing management of student records and document generation but does not clearly warn that this involves privacy-sensitive personal data, potentially including grades, conduct records, and parent communications. In an education context, this omission can lead users to process regulated or highly sensitive student information without informed consent, minimization, or appropriate safeguards.

Missing User Warnings

Medium
Confidence: 92%
Finding
The README instructs users to initialize Feishu/Lark integrations but does not warn that student data may be transmitted to external third-party services via Feishu APIs, plugins, or CLI tooling. Because the skill is specifically designed for class management, users may send identifiable student records, grades, and conduct data off-device without understanding the data-flow, retention, access-control, or cross-system exposure risks.

Missing User Warnings

Medium
Confidence: 92%
Finding
The PRD explicitly describes collecting and processing student records, grades, conduct events, parent communications, seating plans, and generating parent-meeting PPTs, but it provides no privacy, consent, retention, access-control, or output-review safeguards. In a school context this involves minors' sensitive personal data, so omission of safety requirements can lead to unauthorized disclosure, over-collection, inaccurate generated reports, and harmful downstream decisions.

Missing User Warnings

Medium
Confidence: 94%
Finding
The prompt instructs the agent to generate local files, register them, and optionally sync them to the cloud, but it does not require explicit user consent, data-classification checks, or any privacy warning before handling student, grade, conduct, or parent-communication data. In this school-management context, those artifacts likely contain sensitive student information, so silent persistence or cloud upload creates a real risk of unauthorized disclosure and compliance violations.

Missing User Warnings

Medium
Confidence: 85%
Finding
The bootstrap path performs real remote mutations in Feishu and writes a local manifest immediately once invoked, with no explicit confirmation gate beyond the CLI arguments. In an agent-skill context, that increases the risk of unintended provisioning or changes to production data/workspaces if the tool is triggered by misunderstanding, prompt injection, or operator error.

Missing User Warnings

High
Confidence: 98%
Finding
The script echoes the provided base token back to stdout without warning or need, directly exposing a sensitive credential. In the context of an AI-operated workspace, stdout is especially likely to be captured in logs, chat transcripts, notebook outputs, or orchestration telemetry, increasing the chance of secret disclosure and subsequent misuse.

Missing User Warnings

Medium
Confidence: 98%
Finding
The script reads `lark-cli config show`, parses the resulting configuration, and includes fields such as `users` and other account metadata in JSON/Markdown output without redaction or consent. In an agent skill context, these outputs may be surfaced to the model, logs, transcripts, or other users, causing unintended disclosure of sensitive tenant/account information.

VirusTotal

67/67 vendors flagged this skill as clean.
