Training Manager
v0.1.4Manage and optimize your OpenClaw training workspace -- scaffold files, generate skills, log training sessions, and validate workspace structure.
⭐ 0· 575·0 current·0 all-time
by@anova44
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name and description (training manager / workspace scaffolding, skill generation, logging, validation) match the provided scripts and SKILL.md. Required runtime is only bash and an optional OPENCLAW_WORKSPACE path; scripts operate on the workspace files they claim to manage. No unexpected external services, credentials, or unrelated binaries are requested.
Instruction Scope
Runtime instructions direct the agent to run the included scripts, perform interactive onboarding, write bootstrap files via a dedicated writer, analyze/validate workspace files, export backups, and create skills under workspace/skills. This is within purpose. Note: Phase 4 asks to display full source of included files to the operator (useful for review but could expose secrets if the workspace contains them). Also, a prompt-injection blocklist appears in the SKILL.md (and is used by the security library) — the static detector flagged the phrase but it appears to be defensive rather than malicious.
Install Mechanism
No automated install spec is embedded (instruction-only skill plus shipped scripts). The README suggests cloning from GitHub or a hub but the skill itself does not download or execute remote archives. This lowers install risk.
Credentials
No required environment variables or credentials are declared. Scripts optionally respect OPENCLAW_WORKSPACE and use HOME for backup paths; they do not request cloud or third-party secrets. The tool writes to the user's workspace and backup directory, which is proportional to its functionality.
Persistence & Privilege
always:false and the skill does not request system-wide persistence. It creates and manipulates files only inside the declared workspace (~/.openclaw/workspace or OPENCLAW_WORKSPACE) and backup directory; it can generate new skills under workspace/skills, which is expected behavior. It does not modify other skills' configs outside that workspace.
Scan Findings in Context
[ignore-previous-instructions] expected: The static detector flagged 'ignore previous instructions' pattern in SKILL.md. That string appears inside the skill's defensive prompt-injection blocklist (scripts/lib/security.sh) and SKILL.md's discussion of blocked patterns, so the finding is expected and appears to be part of the skill's security controls rather than an attack payload.
Assessment
This skill appears coherent and implements its own safety checks (prompt-injection detection tiers, shell metacharacter checks, rate limiting, whitelisted file writes). Before installing or running it, review the scripts yourself and take these practical steps: 1) Run it in a test or isolated workspace (set OPENCLAW_WORKSPACE to an empty directory) so it can't touch your real data. 2) Inspect workspace files for secrets — the skill reads and writes files in the workspace and will expose file contents during the interactive flow. 3) If you plan to generate skills from untrusted input, note generate-skill.sh writes SKILL.md into workspace/skills; treat generated skills like third-party code and review them before enabling. 4) The README mentions cloning from GitHub / a hub; only install from sources you trust. 5) The pre-scan injection hit is defensive: it comes from the blocklist inside the security library. If you want higher assurance, run the scripts through a local audit (shellcheck, manual read) before use.Like a lobster shell, security has layers — review code before you run it.
latestvk977mhvjzs15xssj505cs29mjx81920v
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🧠 Clawdis
OSLinux · macOS
Binsbash