English Oral Tutor

Security checks across malware telemetry and agentic risk

Overview

This is a real English tutoring skill, but it requires persistent local storage of a minor's full tutoring conversations without clear consent, retention, or deletion controls.

Install only after replacing the hard-coded local paths, deciding whether full transcripts are truly needed, and adding clear consent, retention, deletion, and access-control rules. For a minor, prefer opt-in summaries over verbatim logging, and disclose any microphone or voice-script use before sessions begin.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (13)

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The plugin persistently writes injected system-context data to a local file even though its stated purpose is only timing/context injection. That creates unnecessary data retention and potential privacy leakage, especially because the context includes timestamps, lesson state, and behavior directives that may reveal session activity patterns.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
Persistent logging of tutoring prompt context is unjustified for this skill and expands the attack surface by leaving artifacts on disk. Local files can be accessed by other users, processes, backups, or forensic tooling, turning transient prompt data into durable records without clear necessity.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The skill expands beyond conversational tutoring by requiring persistent writes of session summaries and transcripts to local files. That creates unscoped data collection and storage behavior, increasing privacy and retention risk without being necessary to deliver the tutoring function described in the metadata.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
Requiring the tutor to re-read prior conversation history before introducing new topics adds hidden retrieval of stored student data that is not disclosed in the skill description. This broadens the skill's effective permissions from live tutoring to persistent profiling and history-based personalization, which raises privacy concerns.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
Mandating full transcript logging after every exchange causes continuous retention of the student's complete utterances, which may include personal or sensitive information. This exceeds what is necessary for a tutoring interaction and increases the blast radius of any later disclosure, misuse, or unauthorized file access.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill hard-codes user-specific Windows filesystem paths, coupling the tutor behavior to local file access in a way unrelated to ordinary oral tutoring. Hard-coded local paths can expose personal directory structure, bypass safer storage abstractions, and create brittle or unintended access patterns on the host system.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The code writes to a local log file with no visible disclosure, consent, or warning, which is problematic in a tutoring context that may involve minors and conversational data. Undisclosed storage undermines privacy expectations and can create compliance issues if operators assume the plugin only injects prompt context.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly instructs the agent to log errors and maintain a full transcript, but there is no corresponding requirement to notify the student or obtain consent before persistent storage. Because this skill is designed for a minor in a long-running educational setting, silent retention of verbatim conversations creates meaningful privacy and data-handling risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The archive section describes persistent storage of session summaries and complete verbatim transcripts, yet it does not define any consent, access control, retention limit, or privacy warning. In the context of a tutoring skill for a 13-14 year old, this increases the sensitivity of the stored data and makes unauthorized retention or disclosure more harmful.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill instructs the agent to write transcripts and summaries to local files without warning the student that their conversation will be persistently stored. That lack of transparency undermines informed consent and creates avoidable privacy risk, especially because the user is a minor.

Missing User Warnings

Low
Confidence
90% confidence
Finding
The skill accesses prior session history without telling the user that older conversations may be read to shape the interaction. While less severe than active transcript logging, it still introduces undisclosed use of retained data and can surprise the user with cross-session memory.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
Appending every tutor-student exchange to a transcript file without explicit user warning creates silent surveillance-like logging. Because the content includes the student's full responses, this is a material privacy issue and especially concerning in an educational context involving a child.

Ssd 3

Medium
Confidence
98% confidence
Finding
Persistent logging of the student's full responses and session transcript creates a plain-text repository of potentially sensitive personal data over time. In the context of a minor's tutoring sessions, the skill context makes this more dangerous because ordinary educational conversation can still reveal identity, schedule, school, family, emotions, or other private details.

VirusTotal

65/65 vendors flagged this skill as clean.