Skillv0.3.0

ClawScan security

Learning Coach · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 6, 2026, 3:56 PM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's code, scripts, and runtime instructions are consistent with a personal learning-coach that generates quizzes, grades via an LLM, curates resources, and optionally manages cron reminders — but it can modify your crontab and fetch arbitrary URLs, so review consent and file locations before enabling automation.
Guidance: This package appears to do what it advertises: create per-subject state, generate/validate quizzes and grades (LLM-driven), curate resources, and optionally manage reminders via cron. Before installing or running: (1) Decide and confirm explicit consent if you want scheduled cron jobs — review the candidate cron lines (scripts/subject_cron.py and scripts/setup_cron.py) and the workspace path they reference. (2) Be aware source_ingest.py will fetch arbitrary URLs/feeds you provide — avoid giving it internal or sensitive endpoints. (3) Do not run bootstrap with --install unless you trust installing a global npm package (clawhub) on your machine. (4) Confirm where data/subjects will be stored (default 'data' or agent workspace) because the skill will persist quiz history, progress, and curated links there. If you want stricter controls, require the agent to show the exact cron jobs and ask for confirmation before any call to setup_cron.py or any network fetch.

Review Dimensions

Purpose & Capability: okThe name/description (personalized learning coach with quizzes, grading, curation, reminders) matches the included scripts and files: quiz/grade validation, progress tracking, source ingestion, ranking, cron templates, and reporting. There are no unrelated credentials or surprising binaries requested.
Instruction Scope: noteSKILL.md instructs the agent to generate quizzes with an LLM, persist per-subject state under data/subjects/<slug>/, run optional curated ingestion of YouTube/X/web feeds, and only set cron jobs after explicit consent. The scripts implement these behaviors. Pay attention to source_ingest.py which will fetch arbitrary URLs (via urllib) provided as inputs — fetching arbitrary URLs can reach internal hosts if not constrained. Also setup_cron.py directly writes the user's crontab when run; SKILL.md requires asking first, but the code will perform the change if called.
Install Mechanism: okNo install spec in registry (instruction-only). The included bootstrap script can optionally invoke npm to install a global 'clawhub' binary if run with --install; that is an explicit action initiated by the bootstrap script and is not automatic. No remote archive downloads or obscure URLs are present in the package itself.
Credentials: okThe skill declares no required environment variables, no credentials, and no config path requirements beyond its own data/ directory. Scripts use local file reads/writes and subprocesses (crontab, python3), which are proportionate to the stated functionality.
Persistence & Privilege: noteThe skill does modify persistent user state: it writes files under data/subjects/<subject>/ and includes a script that will add/remove lines in the user's crontab. always:false (not force-included) is appropriate. Because the agent can be invoked autonomously, ensure the agent enforces the SKILL.md requirement to obtain explicit cron consent before running setup_cron.py — otherwise cron modification could happen without the user's clear approval.