ielts-speaking-coach Security Report — Trusted | ClawSafe

5 /100

ielts-speaking-coach

IELTS Speaking examiner and tutor skill with audio pronunciation scoring, Part 1/2/3 practice, mock exams, and ZPD learning paths

IELTS Speaking Coach is a clean, documentation-only skill with no executable code. All declared permissions (network for LLM API calls, shell for ffmpeg audio conversion) match actual usage patterns with no hidden functionality.

Skill Nameielts-speaking-coach

Duration53.9s

Enginepi

✓

Safe to install

Approve for deployment. No security concerns identified. The optional backend reference in TESTING.md is localhost-only and documented.

Resource	Declared	Inferred	Status	Evidence
Filesystem	`NONE`	`NONE`	—	No file read/write operations — uses bundled reference files only
Network	`READ`	`READ`	✓ Aligned	LLM API calls for scoring, feedback, model answers — declared in SKILL.md permis…
Shell	`WRITE`	`WRITE`	✓ Aligned	ffmpeg audio conversion (16kHz mono WAV) — declared in SKILL.md Audio Analysis s…
Environment	`NONE`	`NONE`	—	No environment variable access
Skill Invoke	`NONE`	`NONE`	—	No sub-skill invocation
Clipboard	`NONE`	`NONE`	—	No clipboard access
Browser	`NONE`	`NONE`	—	No browser usage
Database	`NONE`	`NONE`	—	No database access — optional backend is localhost-only

1 findings

🔗

Medium External URL 外部 URL

http://host.docker.internal:8081

TESTING.md:107

File Tree

14 files · 97.1 KB · 2355 lines

Markdown 11f · 1983L JSON 2f · 251L YAML 1f · 121L

├─ 📝 CHANGELOG.md Markdown 59L · 3.3 KB

├─ 📋 clawhub.json JSON 12L · 1.1 KB

├─ 📝 cue-cards-2025-may-aug.md Markdown 160L · 3.6 KB

├─ 📝 cue-cards.md Markdown 527L · 10.7 KB

├─ 📝 examples.md Markdown 125L · 8.5 KB

├─ 📝 learning-path.md Markdown 277L · 13.2 KB

├─ 📝 pronunciation-guide.md Markdown 173L · 5.3 KB

├─ 📝 PUBLISH.md Markdown 47L · 1.9 KB

├─ 📝 README.md Markdown 134L · 5.7 KB

├─ 📝 scoring-rubric.md Markdown 242L · 8.8 KB

├─ 📝 SKILL.md Markdown 132L · 4.1 KB

├─ 📋 skill.yaml YAML 121L · 6.4 KB

├─ 📝 TESTING.md Markdown 107L · 2.4 KB

└─ 📋 vocab-map.json JSON 239L · 22.1 KB

Security Positives

✓ All 14 files are documentation/data (Markdown/JSON/YAML) — no executable code whatsoever

✓ Permissions (network, shell) are accurately declared and match actual use

✓ No .env files, no hardcoded credentials, no API key access

✓ Audio processing via ffmpeg is documented and necessary for pronunciation scoring

✓ The optional backend URL (host.docker.internal:8081) is localhost-only, not an external C2 endpoint

✓ No obfuscation, no base64 payloads, no eval() calls

✓ No supply chain risk — no external dependencies pinned or unpinned

✓ Reference files (scoring-rubric.md, cue-cards.md, vocab-map.json) are static educational content

Scan Report

File Tree

Security Positives