Student

Review

Audited by ClawScan on May 10, 2026.

Overview

This is mostly a local study helper, but its note-taking command can write outside the documented notes folder if the subject contains path traversal characters.

Before installing, consider patching the note command, or avoid using it with subjects that contain slashes or '..'. Use ordinary subject names like biology or history, summarize only files you are comfortable exposing to the agent, and remember that notes are saved locally under ~/.student.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A mistaken or adversarial subject name could place note content outside the expected notes folder and modify files in unintended directories, though the write is still local and limited to a dated .md filename.

Why it was flagged

The subject argument is directly concatenated into a filesystem path. A subject containing '../' could cause the command to create or append a dated markdown file outside the documented ~/.student/notes directory.

Skill content

local subject_dir="${NOTES_DIR}/${subject}"
mkdir -p "${subject_dir}"
local filename="${subject_dir}/$(today).md"
} >> "${filename}"

Recommendation

Reject subjects containing slashes, backslashes, '..', or control characters, or convert subjects to a safe slug and verify the resolved path remains under ~/.student/notes before writing.

What this means

If used on a sensitive file, parts of that file may be exposed in the agent conversation or logs.

Why it was flagged

The summarize command reads whichever local file path the user or agent supplies and then prints a summary to stdout.

Skill content

with open(sys.argv[1], 'r') as f:
    text = f.read()

Recommendation

Use summarize only for intended coursework or reading files, and confirm the file path before running it on private documents.

What this means

Study notes remain on disk after the command finishes and may be visible to anyone or any future tool with access to the user's home directory.

Why it was flagged

The skill intentionally creates persistent local study notes, which may contain personal academic content.

Skill content

Notes stored in `~/.student/notes/`.

Recommendation

Do not store secrets in notes, and periodically review or delete ~/.student/notes if the information is no longer needed.