Skillv2.0.1

ClawScan security

Educlaw Multi-Subject Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 15, 2026, 7:34 AM

Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's requested files, instructions, and configuration are consistent with a multi-subject tutoring router; it does not request unrelated credentials or installs and contains no obvious misdirection, but it stores user info in memory/config and relies on an external persistence plugin and off-platform payment flow which you should review before use.
Guidance: This package appears to be what it claims: a router plus per-subject agent instructions with no hidden code or credential requests. Before installing: (1) Inspect where OpenClaw stores agent memory and config on your system — the skill stores child_name/grade and authorization flags which may be sensitive; avoid putting real PII until you confirm storage/encryption. (2) Note persistence depends on an external plugin (lossless-claw) which is not bundled—verify that plugin and its install method. (3) Paid math access uses off-platform contact (WeChat) and activation codes listed in the README/YAML — no built-in payment provider is included. (4) If you plan to modify router/config.yaml or copy files into ~/.openclaw/agents/, back up existing configs and confirm OpenClaw version compatibility. If you want stronger privacy guarantees, ask the author how memories are persisted and who can read them; if that info is not available, treat stored student data as potentially readable by whoever has filesystem access to the OpenClaw agent data directory.

Review Dimensions

Purpose & Capability: okName/description (multi-subject learning + routing) matches the included files: router rules, per-subject agent YAMLs, and README. There are no unexpected required binaries, environment variables, or external credentials that would be inconsistent with an educational routing agent.
Instruction Scope: noteThe SKILL.md and agent YAMLs confine their actions to intent recognition, routing, simple in-memory memory writes (student name, authorization flags), scoring and point bookkeeping. They instruct editing router/config.yaml and rely on the platform's memory system. They do not instruct reading arbitrary system files or contacting hidden endpoints in the provided content. Note: the skill stores student identity and authorization flags in memory/config which may contain PII—verify where memory is persisted and who can access it.
Install Mechanism: okThis is instruction-only with no install spec and no code files to execute. README suggests user-side copy into ~/.openclaw/agents/ and restarting the gateway — these are normal user installation steps and not hidden installs. No external download URLs or archive extraction are present.
Credentials: noteThe skill requests no environment variables or credentials (proportional). However: (1) it keeps child_name/child_grade and authorization flags in global config/memory (possible PII), (2) persistence of points is said to depend on an external 'lossless-claw' plugin (not bundled), and (3) the paid math flow offloads payment/contact to WeChat and activation codes included in README/YAML. These are relevant privacy/operational considerations but are coherent with the claimed functionality.
Persistence & Privilege: notealways:false (normal). The skill intends to store per-student data and '数学已授权' flags in the agent memory and in router global config. That is expected for a tutoring agent but you should confirm whether memory persists to disk, where it is stored, and whether persistence plugin (lossless-claw) will be installed/used — this affects privacy and retention.