School
ReviewAudited by ClawScan on May 1, 2026.
Overview
This instruction-only school tutoring skill is coherent and purpose-aligned, but it will handle and persist sensitive child learning data that parents should manage carefully.
Before installing, decide what child information you are comfortable storing, use minimal identifiers, keep parent verification private, review or delete ~/school/ records as needed, and verify whether your agent platform actually provides the stated encryption, access-control, and deletion protections.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A child's learning history, preferences, and session context may be saved and reused over time.
The skill intentionally stores persistent child learning data and session context. This is aligned with progress tracking, but it is sensitive because it concerns minors and can influence future interactions.
What We Store - Learning progress - Session history (for continuity) - Preferences (for personalization)
Use minimal identifying information, review the ~/school/ directory periodically, delete old records when no longer needed, and avoid uploading unnecessary personal details.
If a child can guess or obtain the PIN/question answer, they may access parent-mode settings or reports.
The skill creates a parent/child privilege boundary, but the described verification is lightweight. This is expected for parental controls, yet users should understand it is a sensitive access boundary.
Parent mode requires simple verification (PIN or question).
Use a distinct PIN or verification answer, do not store it in child-visible files, and do not rely on this alone for high-sensitivity access control.
Sensitive child disclosures or ambiguous statements may be escalated to parents immediately.
The skill intentionally allows safety alerts to override normal privacy boundaries. This is purpose-aligned for child safety, but a misunderstood or false-positive alert could propagate sensitive information to parents.
Safety alerts bypass all privacy
Treat alerts as prompts for careful follow-up, verify context before taking action, and explain the alert rules to the child in an age-appropriate way.
Parents could overestimate the technical privacy protections available for stored child data.
The skill states strong privacy and security expectations. Because the package is instruction-only, users should verify how their actual agent/platform implements encryption, access control, sharing, and deletion.
Data Security - Encrypted storage - Parent-only access - No third-party sharing - Delete on request
Confirm the host agent's storage, encryption, deletion, and sharing behavior before storing sensitive information about a child.