Skillv1.0.0

ClawScan security

DingJi Course Design · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 8, 2026, 1:59 PM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill is an instruction-only higher-mathematics course-design template whose declared purpose matches its content; it does not request credentials or install software, but it assumes platform access to models and external tools that are not explicitly declared.
Guidance: This skill appears to be what it claims: a detailed, instruction-only course-design template for higher mathematics. Before installing, check: 1) Does your OpenClaw deployment provide the external tools/models the skill assumes (GeoGebra API, Canvas rendering, Memory, cron jobs, and the named models)? If not, the skill's guidance referring to those will either fail or cause the agent to attempt to use other platform mechanisms. 2) If those integrations exist, confirm what credentials or API keys the platform will supply — the skill itself lists none, so verify no unexpected credential prompts appear. 3) Decide whether you want the agent to be able to autonomously invoke tools/models for student data (autonomous invocation is allowed by default); if that is a concern, restrict the skill's invocation or run it in a sandbox first. 4) Consider privacy: the skill produces and may process learner diagnostics and progress data — ensure that any student PII is handled according to your policies. If you want higher assurance, ask the skill author for an explicit list of external dependencies and required bindings/credentials and test in a controlled environment before broad use.
Findings: [regex-scan-none] expected: No code files present; the regex-based scanner had no artifacts to analyze. For instruction-only skills this is expected but means behavioral assessment relies solely on SKILL.md review.

Review Dimensions

Purpose & Capability: okName and description (adaptive, task-driven higher-math course design) align with the SKILL.md and reference files: pedagogy, task templates, error-patterns and a knowledge-graph. Nothing in the package implies a capability outside course design.
Instruction Scope: noteRuntime instructions are purely pedagogical and task-oriented (diagnostics, multi-agent learning paths, templates). They reference platform features and third‑party tools (Memory read/write, cron spaced-repetition, Canvas rendering, GeoGebra API, model names like Claude/DeepSeek) but do not instruct reading system files or accessing unrelated host data. However the SKILL.md assumes tool/API access and scheduled jobs without specifying how those integrations are authorized or available on the host.
Install Mechanism: okNo install specification and no code files — instruction-only. This minimizes on-disk risk; nothing is downloaded or executed by the skill itself.
Credentials: noteThe skill declares no required environment variables or credentials (none listed). At the same time it references external services and APIs (GeoGebra, Canvas, Memory, models). That is not necessarily malicious, but it is a mismatch: the SKILL.md expects capabilities that may require credentials or tool bindings which the skill did not declare.
Persistence & Privilege: okFlags show always:false and default autonomous invocation is allowed (platform default). The skill does not request persistent system-level privileges or to modify other skills/config. No evidence it writes to system config on install (no install script).