ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Tutor Buddy Pro

v1.0.3

Provides step-by-step, interactive homework help using the Socratic method, tracks progress, creates study plans, and adapts to each student's learning style.

0· 63·0 current·0 all-time
by@nollio
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The skill claims local-only tutoring, progress tracking, and photo-to-solution capabilities and the files (SKILL.md, config, examples, and a single report script) align with that purpose. One mismatch: registry metadata lists no required binaries, but scripts/documentation state the report generator needs python3 and Playwright (and Playwright may download Chromium). The dashboard companion describes a web dashboard and /api/sync endpoints, but no code in this package automatically phones home — the dashboard is optional and would be a separate deployment.
Instruction Scope
Runtime instructions are focused on tutoring behavior (image OCR, Socratic prompts, progress tracking). The SKILL.md explicitly includes prompt-injection defense and repeatedly treats user-supplied homework/images as data (not instructions). Setup requires pasting the provided system prompt into the agent (SETUP-PROMPT.md) — that is normal for skills but is a privileged action: only do this if you trust the skill source.
Install Mechanism
There is no install spec in the registry (instruction-only), so nothing is automatically downloaded or installed. However, the included generate-progress-report.sh requires python3 and Playwright (and Playwright can fetch a Chromium binary when installed), which is an out-of-band dependency not reflected in registry metadata. The script itself does not make outbound network calls and cleans up temp files; it writes and renders HTML locally.
Credentials
The package requests no environment variables, no credentials, and no special config paths. Data and files referenced are local to the skill (data/ and config/). Documentation promises no hardcoded secrets or telemetry; those claims match the code provided (no network calls or embedded endpoints in scripts).
Persistence & Privilege
The skill is not always-enabled, does not request elevated privileges, and does not modify other skills or system-wide settings. Setup asks you to copy a system prompt into your agent — that changes the agent's behavior but is standard for skills and is clearly documented in SETUP-PROMPT.md.
Scan Findings in Context
[ignore-previous-instructions] expected: This pattern appears inside the SKILL.md's explicit 'Prompt Injection Defense' section instructing the agent to IGNORE such phrases in user-supplied homework — it's a defensive inclusion, not an attempted override.
[you-are-now] expected: Also appears as part of the prompt-injection defense text (examples of attacker-supplied override phrases). Its presence likely triggered the static detector but it is used to teach the agent to ignore such phrases.
Assessment
This package appears coherent with its stated purpose (local tutoring, Socratic flows, and local progress tracking). Before installing: 1) Only paste the provided system prompt into your agent if you trust the skill source — that is a privileged change. 2) Be aware generate-progress-report.sh requires python3 and Playwright (which may download Chromium during installation); install those tools consciously and review their network behavior if you need to keep everything offline. 3) The dashboard docs describe optional remote sync/dashboard components — those are separate and would require you to deploy or connect to a web service; nothing in this package automatically exfiltrates data. 4) The SKILL.md contains explicit prompt-injection defense (which is why the scanner flagged patterns); review that section to confirm it matches your safety expectations. If you want higher assurance, run the skill in a sandboxed agent instance and inspect network activity while exercising the report-generation path.
!
SKILL.md:28
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.

latestvk9772vjaqe501tknrb3zfkb7e983ytq5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments