Skill v2.0.0

ClawScan security

RuRussian MCP · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 19, 2026, 11:49 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, install, and runtime instructions are consistent with a Russian-tutor MCP: it requires a RuRussian API key, installs a local MCP binary, stores per-learner memory, and implements hosted checkout — nothing in the bundle appears disproportionate or unrelated to its stated purpose.
Guidance
This package appears to be a coherent RuRussian MCP, but consider the following before installing: (1) it requires and uses a RURUSSIAN_API_KEY and will communicate with the configured API endpoint (default https://rurussian.com/api) — only provide keys you trust; (2) it stores learner memory by default under ~/.rurussian_mcp/learning_memory.json — review and back up or change the path if you don’t want local data written to your home directory; (3) the skill supports hosted checkout and the docs describe letting a 'payment-capable bot' complete purchases — do not grant bots unattended payment authority, and never send raw card details through chat; (4) install in a virtualenv or isolated environment and verify the upstream repository and package authenticity (check the GitHub repo and package maintainer) before using; (5) if you need stronger guarantees, inspect the omitted files or run the package in a sandbox to watch network activity (it will contact the configured API and any override endpoints). Overall the package is internally consistent with its stated purpose, but exercise normal operational caution around API keys, local storage, and automated purchase flows.

Review Dimensions

Purpose & Capability
ok: Name/description, required binary (rurussian-mcp), declared primaryEnv (RURUSSIAN_API_KEY), and the included Python package all align with a tutor/learning MCP that calls a remote rurussian.com backend and offers local learner memory and lesson tooling.
Instruction Scope
note: SKILL.md and the code implement expected operations: authenticate with an API key, call vocabulary/sentence/analysis endpoints, generate practice content, and run hosted checkout flows. The purchase/checkout tooling means an agent can open hosted payment URLs and confirm purchases (the docs explicitly describe letting a payment-capable bot complete checkout). This is within the skill's purpose but raises an operational note: granting a bot 'payment authority' is a separate risk the operator must manage; the skill itself instructs not to ask users for raw card details and attempts to redact API keys.
Install Mechanism
ok: Install spec references a pip-installable package (rurussian-mcp) that is included in the bundle (pyproject.toml and package files present). No remote arbitrary-download URLs or obfuscated installers were used in the manifest; installation is standard Python packaging.
Credentials
ok: The declared primaryEnv is RURUSSIAN_API_KEY and optional env vars (RURUSSIAN_API_URL, memory store path, purchase endpoints) are appropriate for a service client. There are no unrelated credentials or unexpected environment variables requested.
Persistence & Privilege
note: The MCP writes persistent learner memory to a file in the user's home directory (~/.rurussian_mcp/learning_memory.json by default) and keeps purchase_context in-memory; this is coherent for a tutoring MCP but is a persistent artifact on disk. The skill is not always-on and does not request elevated system privileges, but you should be aware of local storage and checkout behavior (agents can initiate/confirm purchases if granted payment authority).