Skill v2.44.0

ClawScan security

EduClaw - Proactive English Tutor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 15, 2026, 11:06 AM
Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's files and runtime instructions are consistent with a multi-agent tutoring tool; it requests no credentials or installs, but it does collect and persist basic student info (name/grade/preferences) which has privacy implications the user should review before enabling.
Guidance
This skill appears to do what it says (multi-agent tutoring) and does not request credentials or external installs, but it intentionally collects and persists basic student information (name, grade, interests) and learning history/points in its router/config.yaml and agent memory. Before installing: (1) confirm where the data will be stored on disk and who can read it; (2) if children are involved, ensure parental consent and avoid entering sensitive PII; (3) clarify the purpose of the hard-coded '管理员账号:xiaohuiing123' in math/agent.yaml and remove or secure any real admin credentials; (4) verify the referenced GitHub/ClawHub links if you want the source provenance; and (5) if you do not want the skill to persist names/interests, edit router/config.yaml and the agent instructions to disable or anonymize that storage.

Review Dimensions

Purpose & Capability
ok: Name/description, router, and per-subject agent instructions align: the skill implements an LLM-based router and isolated subject agents (English, Math, future Chinese). There are no unexpected binaries or external service credentials requested.
Instruction Scope
note: Agent instructions explicitly direct the agents to remember student names, grades, interests and to award points; router/config.yaml contains fields (child_name, child_grade, history, points) for persistent state. This is coherent for a tutoring skill but is a privacy-relevant scope (collection and storage of PII). The math agent also contains an inline '管理员账号:xiaohuiing123' string which looks like an admin username referenced in-flow; its purpose/mechanism is not described and should be clarified.
Install Mechanism
ok: Instruction-only skill with no install spec and no downloaded code. The README suggests a local copy step (cp -r . ~/.openclaw/agents/educlaw) and restarting the gateway, which is a normal local deployment action and matches the skill type.
Credentials
ok: The skill declares no required environment variables, no external endpoints are invoked in the instructions, and no credentials are requested. The only credential-like artifact is the literal '管理员账号:xiaohuiing123' inside math/agent.yaml; it appears to be a static hint and is not declared as a required secret.
Persistence & Privilege
note: Skill does not request always:true and is user-invocable. It expects to read/write local config (router/config.yaml) and maintain per-agent memory/state (history, points, child info). That is reasonable for tutoring functionality but means personal data will be persisted locally; confirm storage location, retention, and access controls before use.