Skillv1.0.0

ClawScan security

Agent Academy Continuity 101 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 16, 2026, 3:55 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's files and runtime instructions are consistent with an educational course: it clones a GitHub repo, installs into the user's home skill directory, and tracks progress locally — nothing requests unrelated credentials or hidden network endpoints.
Guidance: This skill appears to be what it says: a course that clones a public GitHub repo into ~/.openclaw/skills and tracks progress locally. Before installing: (1) inspect the GitHub repository content (https://github.com/bobrenze-bot/continuity-101) to confirm you’re comfortable with the files and any CLI provided; (2) do not store or publish sensitive personal data (SOUL.md, agent URLs, or secrets) in submissions or PRs; (3) note the installer will create a symlink at ~/continuity-101 and will run git pull in the installed directory (network activity to GitHub); (4) if you want more isolation, clone the repo manually into a sandbox directory and review the bin/continuity-101 CLI before making it executable or linking it into your home.

Review Dimensions

Purpose & Capability: okThe name/description (an agent course about continuity/memory) matches the code and SKILL.md. Required actions (cloning a repository, creating local progress files, submitting PRs) are appropriate for a course that asks users to create and share artifacts like SOUL.md and memory docs.
Instruction Scope: noteSKILL.md and the scripts only instruct cloning the public GitHub repo, creating a symlink (~/continuity-101), and reading/writing files under ~/.openclaw/skills/agent-academy-continuity-101 and its .progress and submissions directories. This is within scope, but the course explicitly asks users to create identity files (e.g., SOUL.md) and include links to agents in PRs — users should avoid putting sensitive or identifying data into files they plan to publish publicly.
Install Mechanism: okNo packaged or binary downloads; install.sh uses git clone and git pull from a GitHub repository (https://github.com/bobrenze-bot/continuity-101.git). This is a common, low-risk install pattern. No extract-from-URL, no shorteners, and no remote endpoints beyond GitHub are present.
Credentials: okThe skill requests no environment variables, no credentials, and operates only on files inside the user's home skill directory. There are no unexpected SECRET/TOKEN/KEY requirements.
Persistence & Privilege: okalways:false and default autonomous invocation are used. The install creates files under ~/.openclaw/skills/agent-academy-continuity-101, a ~/.progress directory, and a symlink at ~/continuity-101. It does not request system-wide privilege changes or modify other skills' configurations.