ClawHub

Duolingo Learning OS

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent local learning tracker that stores progress under ~/duolingo and only offers optional user-controlled routing.

Install if you want a persistent local learning system. Before enabling the optional AGENTS router, keep trigger topics specific, and remember that learning history and progress will be saved in ~/duolingo until you delete it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The router template uses very broad trigger verbs like "learn," "practice," "quiz," "review," and "improve," which can match many ordinary user requests unrelated to this skill. In an AGENTS auto-routing context, that increases the chance of unintended activation, misrouting user intent, and inappropriate execution of the Duolingo workflow over other more suitable skills.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The setup instructs the agent to define auto-activation early, but it does not require narrow, unambiguous triggers or explicit user confirmation boundaries. In a conversational learning skill, this can cause the skill to activate during unrelated chats, leading to unintended routing, state changes, or lesson behavior outside the user's intent.

Vague Triggers

Medium
Confidence
97% confidence
Finding
Using broad trigger examples like 'english', 'cooking', and 'math' is unsafe because these words commonly appear in normal conversation and can accidentally activate the skill. In this skill's context, which supports multi-topic routing and persistent learning state, accidental activation is more dangerous because it may redirect the agent into lesson workflows or modify stored learning context without a clear request.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The file directs creation of a local directory structure and multiple persistent files under ~/duolingo/ without requiring a user-facing disclosure or confirmation before writing. This is risky because it can result in silent local state creation, retention of personal learning data, and unexpected filesystem modification, especially in an agent environment where users may not realize persistence is occurring.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal