botlearn-graduate

Security checks across malware telemetry and agentic risk

Overview

This is a coherent graduation-report skill, but it asks the agent to inspect and retain broad user history without clear opt-in or retention controls.

Install only if you are comfortable with the skill reviewing OpenClaw memory, session history, configuration history, workspace metadata, and skill usage to generate a profile-like progress report. Use it after an explicit Day 7 request, review the data sources before analysis, and do not save reports, contribute journey data to shared graphs, or enable follow-ups unless you intentionally opt in.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger list includes very generic terms such as "graduate" and "completion," which are likely to appear in ordinary conversation outside the intended Day 7 retrospective flow. This can cause unintended activation, leading the agent to shift context, collect or summarize user progress unexpectedly, or interrupt other workflows with irrelevant coaching behavior.

Vague Triggers

Medium
Confidence: 87%
Finding
The activation logic uses open-ended language like "etc." and does not define clear boundaries for when the skill should run. Ambiguous activation rules increase the chance of accidental invocation and inconsistent behavior, especially when combined with already broad trigger phrases, which can cause the agent to initiate retrospective analysis or community guidance in unrelated contexts.

Missing User Warnings

Medium
Confidence: 93%
Finding
The guidance explicitly recommends collecting a 'live collection' of user-related data such as skills used, configuration changes, documents in memory, tasks completed, and workflow patterns, but it provides no consent, minimization, retention, or access-control safeguards. In a graduation/progress-report skill, this broad telemetry collection can expose sensitive behavioral and workspace data beyond what is necessary, especially if users are unaware the snapshot is being gathered or reconstructed.

Missing User Warnings

Medium
Confidence: 95%
Finding
The file instructs saving the graduation report to the workspace and using it as a future baseline, which creates persistent storage of potentially sensitive user history without any warning about persistence, visibility, or retention. Because the report may summarize behavior, achievements, workflow patterns, and inferred archetypes, storing it by default can increase privacy risk and long-term exposure if the workspace is shared or later accessed by other skills or users.

Missing User Warnings

Medium
Confidence: 97%
Finding
The strategy explicitly directs the agent to collect memory snapshots, session history, workspace documents, personalization files, and inferred satisfaction data without any user-facing notice, consent step, or data-minimization guardrail. This creates a privacy vulnerability because the skill can aggregate sensitive behavioral and personal information beyond what the user may expect from a 'graduation' or 'review' request, increasing the risk of unauthorized profiling or disclosure.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill describes automatic 14/30/90-day follow-up scheduling without warning the user or obtaining consent to create reminders or future outreach. Even if framed as helpful engagement, silently creating persistent follow-up actions changes system state and can surprise users, leading to privacy, autonomy, and unwanted-notification risks.

VirusTotal

64/64 vendors flagged this skill as clean.
