Math Tutor Lite
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a lightweight instruction-only math tutoring skill, with only minor notes about optional tutoring tools, possible stateful student identifiers, and a companion-plugin prompt.
This skill appears safe for ordinary one-off math practice. Before enabling any companion plugin or using student IDs, review that plugin’s source, permissions, and privacy behavior.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the optional tool is available, math request details such as grade, topic, count, and difficulty may be passed into that tool before the answer is shown.
The skill directs the agent to call an optional math-generation tool before responding on explicit invocations. This is purpose-aligned, but users should know that installed tutoring tools may be used.
如果本回合是显式 slash 调用 `/math_tutor_lite ...`,在给出任何题目文本前必须先尝试一次 `edu_math_generate`
Use this normally for tutoring, but review any enabled edu_math tool/plugin and its data handling before relying on it.
A student identifier could cause an installed tutoring tool to use stored or student-specific context, if such a tool is present.
The references to stateful mode with student and problem identifiers imply that, if the companion tools exist, per-student context may be used. The SKILL itself also says Lite mode should not claim long-term memory.
有 `student_id` 时,调用 stateful 模式。... 有 `problem_id` 和 `student_id` 时,调用 stateful 分析。
Avoid providing student identifiers unless you intend to use stateful tutoring features, and check the companion tool’s retention and privacy behavior.
The current skill does not install extra code, but it may recommend another plugin whose provenance and permissions must be evaluated separately.
The skill promotes a companion plugin/private workspace, but that companion component is not part of the supplied instruction-only artifact set.
安装 companion plugin 可获得更稳定的出题/分析体验;长期家庭能力需要 private workspace 安装态
Do not install the companion plugin or private workspace component unless it comes from a trusted source and its permissions are clear.