Create Educational Subagent

Security checks across malware telemetry and agentic risk

Overview

This educational tracking skill is plausible, but it tells users to grant broad OpenClaw administrative and secrets-related permissions that are not justified by class progress recording.

Review before installing. Do not run the approval script or approve any OpenClaw request from this skill unless you are an authorized administrator and have inspected the exact request ID, requester, device, and scopes. A classroom progress tracker should normally avoid admin, approval, pairing, and secrets permissions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Context-Inappropriate Capability

High
Confidence: 99%
Finding
The skill instructs approval of broad permissions including operator.admin, operator.approvals, operator.pairing, and operator.talk.secrets, which are far beyond what is needed to record class progress. Granting these capabilities could expose secrets, enable administrative actions, and let an otherwise benign-seeming workflow become a stepping stone to broader system compromise.

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
Although the manifest describes class-progress tracking, the body of the skill is substantially focused on gateway state, permission escalation, approvals, and runtime operational workarounds. This creates a deceptive trust boundary where low-risk educational automation is used to normalize or conceal high-risk privileged operations.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
Bundling an automation script specifically for permission approval makes the unjustified privilege escalation easier to execute and harder for users to scrutinize. Automating approval in a skill with an educational purpose reduces friction for dangerous actions and increases the chance of accidental or inappropriate privilege grants.

Missing User Warnings

High
Confidence: 98%
Finding
The skill presents privileged approval and subagent-creation commands without clear warning that they elevate permissions and may expose sensitive access. Users may follow the instructions believing they are performing routine setup, when they are actually authorizing powerful capabilities with security implications.

Missing User Warnings

Medium
Confidence: 96%
Finding
The script unconditionally approves the latest pending device permission request with no validation, warning, or user confirmation. In an agent workflow, this can silently grant sensitive capabilities to a request the user did not review, especially if multiple requests exist or if an attacker can trigger a permission request immediately before the script runs.

VirusTotal

62/62 vendors flagged this skill as clean.
