ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Code Mentor

v1.0.2

Comprehensive AI programming tutor for all levels. Teaches programming through interactive lessons, code review, debugging guidance, algorithm practice, project mentoring, and design pattern exploration. Use when the user wants to: learn a programming language, debug code, understand algorithms, review their code, learn design patterns, practice data structures, prepare for coding interviews, understand best practices, build projects, or get help with homework. Supports Python and JavaScript.

2· 5.6k·31 current·35 all-time
by@samuelkahessay
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (programming tutor supporting Python/JS) aligns with included reference docs and utility scripts (static analysis, complexity analysis, test runner). The included scripts and references are reasonable for a code-mentor skill.
!
Instruction Scope
SKILL.md claims 'learning progress is automatically saved to references/user-progress/learning_log.md after each session' but there is no runtime instruction or script shown that performs automatic session saves. The skill asks users to paste or provide code and to run optional scripts; the scripts operate on user-supplied files. The automatic persistence claim is inconsistent with the provided code and instructions and could mislead users about what will be written to disk.
Install Mechanism
No install spec (instruction-only with optional local Python scripts). This is low risk from an installer perspective: nothing is downloaded or installed by the skill itself. requirements.txt lists optional dev/test tools (pylint, pytest, colorama) which are reasonable.
Credentials
The skill requests no environment variables, no credentials, and no config paths. The scripts operate on user-supplied files and invoke local test tools; these requirements are proportionate to a tutoring/code-analysis tool.
Persistence & Privilege
The skill claims persistent progress across sessions (writes to references/user-progress/learning_log.md). That file exists in the package, but no script in the provided code clearly implements automatic per-session writes — so either persistence is expected to be performed by the agent runtime or by code not present. Confirm how/when the skill writes to disk and whether those writes contain user-submitted code or other sensitive data.
What to consider before installing
This skill appears to be what it says: a programming tutor with optional local helper scripts. Before installing or running it, consider: 1) The SKILL.md promises automatic session-saving to references/user-progress/learning_log.md but I don't see code that implements that — ask the author or inspect your agent runtime to see who/what will write to that file and what data is saved. 2) The utility scripts (run_tests.py) spawn subprocesses (pytest, npx/jest, python -m unittest) and will execute commands on your machine when you run them — only run tests against code you trust and ensure your environment is isolated if needed. 3) No network endpoints or credentials are requested, which is good; still verify that no hidden code writes out user-submitted code to elsewhere. 4) If you plan to enable the skill for autonomous use, be cautious: autonomous execution combined with scripts that run local commands increases the blast radius. If you want more assurance, request the author/source, or run the package in a sandbox and grep for file-write operations (open(..., 'w'), Path.write_text, etc.) or any network usage before giving it access to real projects.

Like a lobster shell, security has layers — review code before you run it.

codingvk9745jb7kz7hcbwnzt15sjsr8s8086taeducationvk9745jb7kz7hcbwnzt15sjsr8s8086talatestvk9745jb7kz7hcbwnzt15sjsr8s8086tamentorvk9745jb7kz7hcbwnzt15sjsr8s8086taprogrammingvk9745jb7kz7hcbwnzt15sjsr8s8086tatutorvk9745jb7kz7hcbwnzt15sjsr8s8086ta

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments