Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
OpenClaw Learning Coach
v1.0.1For new OpenClaw users, provide a staged learning path based on official docs, moving from usage to configuration to core concepts, with everyday analogies.
⭐ 1· 395·6 current·6 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description match the SKILL.md: the skill is a teaching assistant that uses official docs and analogies. However, the docs guidance asks the agent to prefer local docs in an OpenClaw install directory (e.g., <openclaw_install>/docs) without declaring any config path, environment variable, or permission to locate that directory. That is a minor mismatch between claimed requirements (none) and the instruction to access local installation files.
Instruction Scope
The runtime instructions tell the agent to: (A) read local docs under the OpenClaw installation directory if present, and (B) fall back to fetching https://docs.openclaw.ai using `web_fetch`. Reading local docs is within the skill's purpose, but the SKILL.md does not declare how to find the install path or whether the agent should prompt for explicit user permission to read files. The doc also includes scheduling behavior: it says to schedule recurring tasks after confirmation and to remind the user to check the task list. The skill doesn't declare a scheduling mechanism (calendar API, local cron, or agent-managed task list) or any credentials needed to access calendars/task lists. That ambiguity is the primary instruction-scope concern: the agent could attempt to access local files or external task systems in ways not described here.
Install Mechanism
Instruction-only skill with no install spec and no code files. This is low risk from an installation perspective: nothing will be written to disk or downloaded as part of installing the skill.
Credentials
The skill declares no required environment variables, credentials, or config paths. The SKILL.md explicitly forbids requesting keys/tokens and forbids running commands or changing environments. Given its teaching purpose, this is proportionate. The only minor note is that it expects to read local docs (filesystem access) and to schedule reminders — both may require access/permissions that are not declared.
Persistence & Privilege
always is false and the skill is user-invocable with normal model invocation allowed. There is no request for permanent system presence or cross-skill configuration changes, so persistence/privilege is appropriate.
What to consider before installing
This skill is mostly coherent with its teaching goal, but ask the publisher two clarifying questions before installing/using it: (1) How will the agent locate and read local OpenClaw docs? Will it prompt you for a path or explicit permission before accessing files? (2) If you confirm scheduling, what mechanism will it use to create recurring tasks or reminders (local cron, a calendar/todo API, or an agent-managed list)? Will it need access tokens for your calendar or task app? If you are uncomfortable granting file or calendar access, keep the interaction manual: ask the skill to show command examples and a one-time syllabus rather than letting it fetch local docs or schedule tasks. Finally, prefer to run the skill interactively and decline any automatic actions that would read files or modify external task lists until the access model is explicit.Like a lobster shell, security has layers — review code before you run it.
latestvk975afa5z73hvhvhrtyvnzxcxh82g84g
License
MIT-0
Free to use, modify, and redistribute. No attribution required.