Training Manager

Security checks across malware telemetry and agentic risk

Overview

This skill intentionally manages local OpenClaw training files and persistent memory, and its artifacts disclose that behavior without evidence of hidden exfiltration or destructive actions.

Install only if you want a skill that edits your OpenClaw workspace and saves training notes over time. Review changes to AGENTS.md, SOUL.md, USER.md, MEMORY.md, generated skills, and exported backups; avoid storing secrets or sensitive personal information; and keep backups before large training or consolidation changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill invokes shell scripts extensively but does not declare any explicit permissions or capability gating beyond requiring the bash binary. That creates an authorization gap: a user or platform may treat the skill as low-risk from metadata while it can actually modify files, create directories, export backups, and run validation scripts.

Tp4

High
Category
MCP Tool Poisoning
Confidence
86% confidence
Finding
The high-level description understates the skill's operational scope. In addition to training management, it can export workspace contents to backup archives, write and update multiple prompt-bearing files, and perform broad workspace analysis, which can surprise operators and reduce informed consent for sensitive actions.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README states that corrections and preferences are categorized and logged automatically into persistent workspace files, but it does not clearly warn users that potentially sensitive behavioral preferences, facts, and other content will be stored on disk. This creates a real privacy risk because users may disclose personal or confidential information during normal use without informed consent about retention and file locations.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The interactive onboarding collects personal profile information such as name, timezone, communication style, and preferences, but the README does not clearly disclose that these answers will be written into generated workspace files. That omission can lead to inadvertent storage of personal data and creates a privacy/compliance issue, especially in shared or synced workspaces.

Vague Triggers

Medium
Confidence
79% confidence
Finding
The invocation guidance says to infer user intent broadly and auto-run setup when files are missing, which increases the chance the skill triggers on generic workspace questions. That can lead to unexpected file creation or modification in a prompt-sensitive workspace without sufficiently explicit user intent.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The correction trigger examples include common phrases like 'remember this' and 'next time do Y,' which are normal conversational language and may cause over-eager persistence of user text into long-term workspace files. In this skill, those files influence future agent behavior, so accidental logging has elevated risk.

Self-Modification

High
Category
Rogue Agent
Content
### 1. Scaffold Workspace (`scaffold`)

**Fallback for power users** who want raw templates instead of the interactive setup. Generate or regenerate workspace bootstrap files from best-practice templates. Run `{baseDir}/scripts/scaffold.sh` to create any missing workspace files with sensible defaults. Never overwrite existing files unless the operator explicitly says to.

```bash
bash {baseDir}/scripts/scaffold.sh
```
Confidence
74% confidence
Finding
overwrite existing file

Session Persistence

Medium
Category
Rogue Agent
Content
Want me to adjust anything?

Create `MEMORY.md` as an empty template and ensure the `memory/` directory exists:

```bash
bash {baseDir}/scripts/write-file.sh MEMORY.md "# Long-Term Memory"
```
Confidence
81% confidence
Finding
Create `MEMORY.md` as an empty template and ensure the `memory/` directory exists: ```bash bash {baseDir}/scripts/write-file.sh MEMORY.md "# Long-Term Memory" mkdir -p "$(echo ${OPENCLAW_WORKSPACE:-$

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal