OpenClaw Learning Coach

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only learning coach with a disclosed, confirmation-gated option to create study reminders.

Install this if you want an OpenClaw study coach. Only confirm the fixed study schedule option if you want recurring reminders or tasks, and review your task list afterward so you know what was created.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Intent-Code Divergence

Medium

Confidence: 91% confidence
Finding: The skill contains conflicting directives: it first says not to run commands or change environments, then later says to provide executable steps and allow actual execution if the user requests it. This ambiguity can cause an agent to cross from educational guidance into operational action, increasing the chance of unsafe command execution or environment modification.

Intent-Code Divergence

Medium

Confidence: 89% confidence
Finding: The scheduling instructions are internally inconsistent: one section says to only describe optional scheduling, while another says to create recurring tasks after confirmation. For a skill with persistence effects, this ambiguity can lead to unintended creation of scheduled tasks and ongoing session persistence beyond what the user expected.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal