Training Manager

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it manages local OpenClaw workspace training files, with no evidence of hidden network access, credential theft, or destructive behavior.

Install only if you want this skill to create and update plaintext OpenClaw workspace files. Do not store passwords, API keys, private records, or other secrets in training corrections, MEMORY.md, daily logs, generated skills, or exported backups.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Medium
Confidence: 81%
Finding
The README instructs users to 'Just invoke /training-manager' and says the skill may automatically begin interactive setup, but it does not clearly constrain when potentially state-changing actions occur or require explicit confirmation before modifying workspace files. In a skill that scaffolds files, logs corrections, exports backups, and generates skills, overly broad invocation guidance increases the chance of unintended file creation or modification through casual or ambiguous use.

Missing User Warnings

Medium
Confidence: 90%
Finding
The README advertises automatic categorization and logging of user corrections into persistent workspace files, but it does not provide a clear warning that user data and instructions will be written to disk. Because these files may contain preferences, behavioral rules, facts, or memory-like content, users may unknowingly persist sensitive or private information, and the skill context makes this more concerning since its core purpose is ongoing workspace modification.

Vague Triggers

Medium
Confidence: 84%
Finding
The logging trigger language is broad enough to match normal conversation such as 'remember this' or 'next time do Y', which could cause the skill to persist content when the user did not intend a durable workspace modification. Because persisted content becomes part of future agent context, accidental invocation can have lasting behavioral or privacy consequences.

Missing User Warnings

Medium
Confidence: 88%
Finding
The setup flow automatically writes multiple high-impact workspace files after conversational prompts, but does not begin with a clear warning that user data and preferences will be persisted. Since these files influence future agent behavior, silent or implicit writes increase the risk of unintended configuration changes and prompt-surface expansion.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill instructs the agent to immediately store whatever the user says into long-term memory and a daily log without a privacy warning. This can capture sensitive personal, project, or credential-adjacent information and persist it into files that may later be reused, backed up, or exposed through other tooling.

Missing User Warnings

Medium
Confidence: 93%
Finding
The script creates and populates multiple files in the configured workspace immediately on execution, with no explicit confirmation, dry-run mode, or summary prompt before writing. Although the target is a user workspace rather than a privileged system location, this still causes unattended state changes and could run counter to user expectations about when and how training data is initialized.

Ssd 3

Medium
Confidence: 93%
Finding
Persisting any 'important context' without sensitivity checks is dangerous because users may provide secrets, tokens, private notes, or third-party data during onboarding. The skill normalizes indiscriminate retention into both durable memory and dated session logs, increasing exposure and making later cleanup harder.

VirusTotal

64/64 vendors flagged this skill as clean.
