Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
math-guide-solver
v1.1.0 · Complete mathematical problem solving workflow with OCR, LaTeX formula extraction, PNG rendering, and guided solutions. Use this skill when users want to: -...
by @yshajoy
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The skill claims OCR → LaTeX → PNG rendering → guided solutions and the SKILL.md plus Python scripts (process_math_problem.py, generate_solution.py) implement that flow. Declared dependencies (PaddleOCR, math-images) align with the stated purpose. However the SKILL manifest lists no required environment variables while SKILL.md and README refer to external services (Claude API, optional Mathpix and Wolfram Alpha) which normally require API keys; this is a proportionality/manifest mismatch. Also the package is described as "instruction-only" in the registry metadata but code files are included — that is an inconsistency the user should note.
Instruction Scope
The SKILL.md instructions themselves stay within the math-solving purpose (call PaddleOCR, convert to LaTeX, call math-images, produce guidance). However, there are instructions and helper docs that reference writing config to ~/.openclaw, calling external APIs (Claude/Mathpix/Wolfram), and a GitHub update shell script that copies files from /mnt/user-data and pushes tags to GitHub. The SKILL.md was flagged for unicode-control-chars (a prompt-injection pattern). The presence of wide-ranging examples and optional external integrations, without declaring the required credentials, gives the agent broad discretion with no explicit limits. The Git script references filesystem paths and could overwrite the local README/CHANGELOG when run; SKILL.md also suggests installing dependencies via requirements.txt (not present in the package manifest excerpt).
Install Mechanism
There is no formal install spec (instruction-only), which is low risk in itself, but the bundle includes executable Python scripts and a Bash GITHUB_UPDATE_SCRIPT. No automated download from external URLs is present. The included GITHUB_UPDATE_SCRIPT uses hardcoded user paths and /mnt/user-data paths and performs git commit/push/tag operations — safe only as a manual utility, but risky if executed blindly. There is no requirements.txt shown even though the docs reference pip install -r requirements.txt; the declared dependencies exist in skill.config.json and clawhub.json. Overall: no remote code download, but local scripts could be executed by the user or accidentally by an operator — inspect them before running.
Credentials
The skill declares no required environment variables or primary credential, yet SKILL.md/README mention integrations with Claude API, Mathpix API, and Wolfram Alpha (optional). Those services normally require API keys or tokens. Because requires.env is empty, the skill manifest does not make it explicit what secrets the skill needs or will use. This mismatch is a security and transparency concern: if you later configure the skill to use those services you'll be adding credentials that were not declared up-front. Additionally, the GITHUB_UPDATE_SCRIPT references git credentials implicitly (push to origin) and local filesystem paths; running it may require elevated access to local git credentials.
Persistence & Privilege
The skill does not request permanent/always-included privileges (always: false). There is no evidence it modifies other skills or global agent settings. The GITHUB_UPDATE_SCRIPT can modify files in its repository and push to GitHub, but that is a manual script rather than an automatic install action; it increases potential for accidental file overwrites if executed, but it does not demonstrate autonomous privilege escalation in the skill manifest.
Scan Findings in Context
[unicode-control-chars] unexpected: The SKILL.md was flagged for unicode control characters (a common prompt-injection vector). Such characters are not expected for a math-solver doc and could be used to try to manipulate LLM prompting. Review the SKILL.md and other text files for hidden control characters before trusting or rendering them.
What to consider before installing
What to consider before installing or running this skill:
- Missing credential declarations: SKILL.md and README mention Claude API, Mathpix and Wolfram Alpha (optional). Those services require API keys/tokens, but the skill manifest declares no required env vars. Treat any prompt to provide API keys as coming from the external integrations — only add credentials after reviewing where and how they're used.
- Inspect code before running: The package includes Python scripts (process_math_problem.py, generate_solution.py) and a Bash script (GITHUB_UPDATE_SCRIPT.sh). Review them locally — don't run the GitHub update script unless you understand and edit its hardcoded paths (/Users/... and /mnt/user-data...) because it copies/overwrites files and pushes tags to a remote repo.
- Prompt-injection signal: The SKILL.md was flagged for unicode-control-chars. Open the SKILL.md and other docs in a hex-aware editor or view raw bytes to ensure there are no hidden control characters that could manipulate LLM prompts or tool behavior.
- Network & secrets: The scripts reference external skills and APIs. If you enable external integrations, provision API keys in a controlled way (least privilege, dedicated keys, and in a sandbox account if possible). Monitor outbound network activity if you run the skill in an environment you control.
- Missing artifacts: README references requirements.txt and tests, but requirements.txt was not included in the inspected manifest. Before running 'pip install -r requirements.txt' confirm which dependencies the code actually needs (skill.config.json lists PaddleOCR, math-images, matplotlib, Pillow).
- Run in a sandbox first: Execute the scripts in an isolated environment (container or VM), with no production credentials mounted, verify behavior on simple inputs, and search for unexpected network calls (e.g., telemetry or exfil endpoints).
- What would raise/lower my concern: If the publisher provides a trusted repository URL, a clear install script that lists required env vars, and no hidden control characters, this would raise confidence. Conversely, if the package attempts to read arbitrary local files, collect system secrets, or automatically make network calls to unknown endpoints, that would confirm malicious intent.
Recommended immediate actions: open SKILL.md and all scripts in a plain-text editor, grep for 'http[s]://', 'api.', 'TOKEN', 'KEY', '/mnt', and for non-printable unicode; remove or edit the GITHUB_UPDATE_SCRIPT if you don't intend to run it; only supply external API keys after reviewing usage code and limiting keys appropriately.
