Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
English Oral Tutor
v1.0.4
Provides voice-based English speaking lessons and conversation practice for Chinese Grade 7 students, including pronunciation correction and mic setup help.
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's voice tutoring purpose justifies helping with microphone and TTS setup, so the technical-fix content is related. However, the SKILL.md directs edits to global OpenClaw files (AppData\Roaming\npm\node_modules\openclaw\dist\...) and to a workspace backup path (C:\Users\samuel\...), which is broader and more powerful than a typical tutor skill would need. Hardcoded username paths ('samuel') and instructions to overwrite files in a global package are disproportionate and unusual for a simple lesson skill.
Instruction Scope
Instructions explicitly tell the user/agent to copy and patch gateway-cli JavaScript inside an installed openclaw package, run PowerShell scripts, run npm pack and edit extracted files, and insert JS snippets into a bundled UI asset. Those runtime instructions involve reading and writing system files, require elevated privileges in some environments, and can affect other OpenClaw functionality. The skill references scripts (scripts/fix-microphone.ps1, scripts/fix-microphone-shortcut.ps1) that are not present in the file manifest, increasing risk: the agent/user would need to obtain or run external scripts not included with the skill.
Install Mechanism
This is an instruction-only skill with no install spec or remote downloads, which reduces supply-chain risk. The risk arises from the instructions (file modifications) rather than an installer or remote archive.
Credentials
The skill requests no environment variables or credentials (which is good). However, it asks to modify files under system/global installation paths (node_modules) and the user's home directory — operations that require filesystem write access and sometimes elevated privileges. No secrets are requested, but filesystem-level changes are high-privilege relative to a tutoring task and should be justified and inspected.
Persistence & Privilege
The skill is not marked always:true, and autonomous invocation is allowed (the platform default). The central concern is that the instructions modify another package's installed files (OpenClaw's dist files), which changes system-wide behavior beyond this skill's scope. A skill directing edits to other components is a privilege escalation risk and should be treated cautiously.
What to consider before installing
What to consider before installing or following this skill:
- The tutoring content is coherent, but the technical fixes instruct you to overwrite and patch OpenClaw's installed files (node_modules) and to run PowerShell scripts. That can change system-wide behavior and requires write/admin access — do not run these steps blindly.
- The SKILL.md references scripts (scripts/fix-microphone*.ps1) that are not included in the package. Ask the author for the actual scripts and inspect their contents before running them.
- Hardcoded file paths (C:\Users\samuel\...) are suspicious: they may not match your environment and suggest the instructions were copied from a single developer's machine. Verify and adapt paths carefully.
- If you need the mic fixes, prefer safe alternatives: ask for patch diffs rather than binary copies, back up original files first, or test in an isolated environment (VM) before modifying your primary system.
- Consider requesting provenance: who published this skill, where did the scripts/patches come from, and can they provide signed releases or source code for review?
- If you must apply fixes, make incremental backups, review any scripts line-by-line, avoid running anything that contacts unknown external endpoints, and keep the skill disabled from autonomous runs until you trust it.
Given the mixture of reasonable tutoring content and risky system-modifying instructions, treat this skill with caution and seek the missing scripts/source before proceeding.
Like a lobster shell, security has layers — review code before you run it.
