ClawHub

English Learning Coach

Security checks across malware telemetry and agentic risk

Overview

The skill appears local-only and purpose-aligned, but it silently stores detailed English-learning conversations and profile data without clear opt-in, retention, or deletion controls.

Install only if you are comfortable with the skill keeping a local learning history that may include your exact practice sentences and corrections. Before using it on personal or sensitive topics, choose a safe data directory and be prepared to inspect or manually delete the generated data files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill instructs the agent to read environment variables and persist detailed learner data to local files, but the skill metadata does not declare these capabilities or give a clear up-front notice. That creates a transparency and permission-boundary problem: users and hosts may believe this is a chat-only skill while it can access environment-derived configuration and write persistent records.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The activation text is broad enough to trigger on common requests for English chat, correction, summaries, and related commands, which can cause the skill to activate outside a narrowly scoped invocation. This increases the chance of unintended behavior and silent data collection in contexts where the user did not realize the coaching skill was being engaged.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill explicitly says to record learning data silently and avoid showing persistence notes during ordinary chat. Silent collection of scores, errors, vocabulary, and CEFR-related signals without a clear user-facing warning is a privacy risk because users may disclose sensitive personal text while believing they are only chatting.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The documented local data store retains detailed practice history, including raw user input, corrections, scores, error categories, vocabulary, and checkpoints, yet the overview does not foreground this retention. Persistent educational profiling can reveal sensitive personal information and creates risk if the host device is shared or compromised.

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
The skill hardcodes an immersive English-only interaction mode and correction workflow without an explicit user language choice or consent step. This can override user expectations, reduce accessibility for users who need explanations in another language, and create confusing or exclusionary behavior, especially for lower-proficiency learners.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script persistently stores learner messages, corrections, vocabulary examples, CEFR signals, and error-book content to local files with no consent flow, retention control, or privacy notice in the implementation. Because this skill is explicitly for language coaching, the stored text can contain sensitive personal or educational data, and the skill context makes undisclosed collection more concerning rather than less.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal