ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Kid Tutor - 儿童AI家教助手

v1.0.0

面向6-12岁儿童的AI家教助手,结合苏格拉底式引导和知识讲解,以数学和科学为主。支持AI主动出题、个性化难度调节、错误引导、学习记录和家长报告。当用户提到儿童学习、辅导孩子、小学数学/科学出题、学习报告、家教模式时激活。

1· 449·4 current·4 all-time
by@lixiang1076
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (AI tutor for 6–12yo) match the provided assets: SKILL.md, curriculum/pedagogy/question templates, and two Python scripts for profile management and report generation. There are no unrelated required env vars, binaries, or install steps.
Instruction Scope
Runtime instructions confine activity to a local data directory (data/kid-tutor/<name>), building/reading profile.json and session JSON files and calling local scripts. This is within scope. Note: SKILL.md says reports can be sent to Feishu, but there is no implementation in the provided scripts — a minor inconsistency. Also the skill asks agents to store child data locally; the skill's 'do not collect sensitive info' rule is advisory only and not enforced by code.
Install Mechanism
No install spec; instruction-only with included scripts. Nothing is downloaded or written to system paths by an installer.
Credentials
No environment variables, credentials, or external config paths are requested. The skill stores local child profiles and session files, which is proportional to its tutoring/reporting purpose.
Persistence & Privilege
always:false and normal invocation settings. The skill writes only to its own data directory (profile.json and sessions/) and updates its own profile stats. It does not modify other skills or global agent settings.
Assessment
This skill appears coherent and operates on local files only, but because it handles children's profiles and session data you should: 1) Review and run the Python scripts in a safe environment before use. 2) Place data/kid-tutor/ in a protected directory with appropriate filesystem permissions (avoid storing sensitive PII like full ID numbers). 3) Note that SKILL.md mentions sending reports to Feishu but there is no network/send code — do not assume reports are transmitted externally. 4) If you plan to integrate any external messaging (e.g., Feishu), require explicit, audited code and credentials. 5) Consider encrypting backups or restricting access if you will keep real child names or contact information. Overall the skill is consistent with its stated purpose; the main risk is privacy of locally stored child data rather than malicious behavior.

Like a lobster shell, security has layers — review code before you run it.

latestvk978dn198efy43760sb14j0xhh81zvv0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments