Japanese Tutor

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

PDF materials may be processed by a third-party provider tied to the user's Gemini API key.

Why it was flagged

PDF OCR sends the provided file to Gemini. This matches the skill's disclosed Gemini Vision PDF parsing, but it means uploaded course or homework documents leave the local environment.

Skill content

sample_file = genai.upload_file(path=pdf_path, display_name="Japanese Homework")

Recommendation

Use PDF parsing only for documents you are comfortable sending to Gemini, and avoid private or sensitive files unless that is acceptable.

What this means

Users who want PDF OCR will need to provide a Gemini API key, which grants use of their Gemini account quota or permissions.

Why it was flagged

The PDF parser needs a Gemini API key from the environment. That is expected for Gemini OCR, but the registry metadata declares no required environment variables or primary credential.

Skill content

api_key = os.environ.get("GEMINI_API_KEY")
...
genai.configure(api_key=api_key)

Recommendation

Set the API key only in a trusted environment, monitor its use, and update the skill metadata to declare the GEMINI_API_KEY requirement.

What this means

Vocabulary, grammar, or lesson notes extracted from uploaded material can remain in the skill's local references and be reused later.

Why it was flagged

The skill intentionally persists extracted study concepts into reference files for future tutoring. This is purpose-aligned, but saved material may influence later sessions.

Skill content

Append new vocabulary to `references/vocab.md` ... Append new grammar to `references/grammar.md` ... create/update `references/lesson_X.md`

Recommendation

Review saved reference files after ingestion and avoid persisting material that should not be reused in future tutoring sessions.

What this means

Users may need to install missing Python packages themselves, which can introduce supply-chain risk if installed from untrusted sources.

Why it was flagged

The helper depends on an external Python package while the supplied install specification is empty. This is not an auto-install or hidden download, but dependency setup and provenance are not captured in the install metadata.

Skill content

import google.generativeai as genai

Recommendation

Install dependencies only from trusted package sources and consider adding an explicit, pinned install specification for google-generativeai and python-docx.