The English Tutor

Security checks across malware telemetry and agentic risk

Overview

This English tutor skill uses optional cloud, Feishu, and memory integrations that match its stated purpose, with privacy-sensitive behavior disclosed enough to treat it as installable with caution.

Install only the modules you need. Use limited-scope Feishu, MiniMax, ASR, and Bitable credentials; avoid practicing with sensitive personal or business content if cloud providers or Bitable memory are enabled. Keep scheduled pushes off unless you want automatic Feishu messages, verify optional downloads, and set PIPER_BIN only to a trusted local binary.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
    env = os.environ.copy()
    lib_dir = os.path.dirname(piper_bin)
    env['LD_LIBRARY_PATH'] = lib_dir + ('' if not env.get('LD_LIBRARY_PATH') else ':' + env['LD_LIBRARY_PATH'])
    r = subprocess.run([piper_bin, '--version'], capture_output=True, timeout=5, env=env)
    piper_run_ok = r.returncode == 0

if piper_run_ok:
Confidence
94% confidence
Finding
r = subprocess.run([piper_bin, '--version'], capture_output=True, timeout=5, env=env)

Tainted flow: 'piper_bin' from os.environ.get (line 88, credential/environment) → subprocess.run (code execution)

Medium
Category
Data Flow
Content
    env = os.environ.copy()
    lib_dir = os.path.dirname(piper_bin)
    env['LD_LIBRARY_PATH'] = lib_dir + ('' if not env.get('LD_LIBRARY_PATH') else ':' + env['LD_LIBRARY_PATH'])
    r = subprocess.run([piper_bin, '--version'], capture_output=True, timeout=5, env=env)
    piper_run_ok = r.returncode == 0

if piper_run_ok:
Confidence
98% confidence
Finding
r = subprocess.run([piper_bin, '--version'], capture_output=True, timeout=5, env=env)

Context-Inappropriate Capability

Medium
Confidence
85% confidence
Finding
The file exposes a general-purpose chat capability that is not disclosed by the module description, expanding the skill's effective scope and outbound data-handling behavior. In an agent setting, hidden or undocumented LLM/network functionality can be abused to send prompts, instructions, or sensitive conversation history to an external provider without clear operator awareness.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly mentions optional Bitable-based memory for word records and chat logs, but the user-facing setup and feature description do not clearly foreground that conversation history and learning progress may be stored externally. This creates a privacy and consent problem because users may interact assuming an ephemeral tutor while their chat content and progress are persisted in a third-party service.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The code persists both user and AI chat content, including optional voice URLs, to an external Feishu Bitable service without any indication of consent, minimization, retention control, or sensitivity filtering. In an English tutor context, conversations may contain personal data or sensitive learning history, so exporting them to a third-party store creates a real privacy and data-governance risk even if it is not overtly malicious.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The TTS method sends caller-supplied text to a remote API, which can expose sensitive or regulated content if the caller passes private data. In agent contexts, this is more dangerous because user messages, secrets, or internal prompts may be synthesized automatically and leave the local trust boundary without explicit disclosure or consent.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The chat method transmits the system prompt and full message history to a third-party API, which may include sensitive user data, hidden instructions, or credentials embedded in conversation context. In an agent skill, this is especially risky because message history often contains higher-value operational data than ordinary user input, so undisclosed exfiltration to an external LLM provider can have significant confidentiality impact.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script uploads user audio to a third-party ASR service without any explicit user-facing notice, consent prompt, or privacy guardrail in the code path. In a tutoring or language-learning context, audio may contain personal or sensitive information, so silent transmission to an external processor creates a real privacy and compliance risk.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This code sends the local audio file to OpenAI Whisper translation/transcription services without any user-facing warning or consent mechanism. Because spoken audio can include personal data, background conversations, or confidential content, silent upload to a third party is a meaningful privacy issue.

Ssd 3

Medium
Confidence
88% confidence
Finding
The code persistently stores raw user input, AI responses, and voice URLs in chat history and per-word records without visible minimization, redaction, retention limits, or consent controls. In a tutoring/chat context, these logs may contain sensitive personal data, and if the backing memory store is exposed, over-retained conversational data materially increases privacy and leakage impact.

VirusTotal

66/66 vendors flagged this skill as clean.