Skillv1.0.1

ClawScan security

HiNiHao Chinese Tutor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 12, 2026, 2:38 AM

Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary: An instruction-only Chinese tutoring skill whose requested actions (create/save a learner profile, fetch public content, OCR uploaded documents, and generate lessons) are coherent with its description and do not ask for unrelated credentials or installs.
Guidance: This skill is internally consistent for a proactive language tutor: it will save a learner profile and lesson artifacts, fetch public Chinese content, and OCR any documents or images the user uploads. There are no requested API keys or installs. Before installing, consider: (1) privacy of uploaded documents and extracted text — those will be processed and stored by the agent; (2) how the platform performs web access (some sources listed are region-restricted, which may affect recommendations); and (3) whether you want the agent to be allowed to persist and reuse your profile and lesson files. If you need stronger guarantees about data retention or network access, ask for details about where files are stored and how external web requests are made on your platform.

Review Dimensions

Purpose & Capability: okThe name/description (proactive Mandarin tutor) matches the instructions: creating/storing a learner profile, selecting level-appropriate content, recommending/annotating media, and processing uploaded documents. Required binaries, env vars, and install steps are absent, which is reasonable for an instruction-only content/lesson generator.
Instruction Scope: noteSKILL.md instructs the agent to persist a profile (hinihao-profile.json), save lesson files, append vocab/grammar notes, fetch real content from public Chinese platforms, and run OCR on user-uploaded images/PDFs. These actions are expected for a tutor but do involve reading user uploads and writing persistent data; users should expect lesson data and extracted text to be stored by the agent.
Install Mechanism: okNo install spec or code is included (instruction-only). This minimizes filesystem risk because nothing is downloaded or executed beyond what the platform/agent already provides.
Credentials: okThe skill requests no environment variables, credentials, or config paths. All declared behaviors (web-sourced content, OCR, file persistence) can reasonably operate without additional secrets. No unrelated credential requests are present.
Persistence & Privilege: noteThe skill expects to persist per-user files (profile JSON, lesson markdown, vocab/grammar JSON) and to run on a schedule (cron/heartbeat triggers described). always:false (not force-included). Persisting user learning data is appropriate for its purpose, but users should be comfortable with the agent storing and reusing that data.