v1.0.0

botlearn-graduate

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 6:16 AM.

Analysis

This is a coherent graduation-coach skill, but it asks the agent to inspect broad personal history, memory, workspace, and session data without clear privacy boundaries.

GuidanceReview before installing. This skill is not showing destructive behavior, but it is designed to analyze your personal agent history. Only use it if you are comfortable letting it inspect your 7-day conversations, memory, workspace metadata, skill usage, and profile-style files. Ask it to get permission before reading each source, avoid sensitive documents, and opt out of any shared or persistent journey graph unless you explicitly want that.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Rogue Agents

SeverityLowConfidenceHighStatusNote

SKILL.md

IF 7 days since first activation: 1. Notify: "🎓 Congratulations! You've completed your 7-day OpenClaw journey!" 2. Offer graduation ceremony

The skill describes a scheduled reminder based on first activation time, which is purpose-aligned but implies some autonomous follow-up behavior.

User impactThe agent may proactively prompt the user after seven days if the platform supports scheduled activation.

RecommendationKeep scheduled graduation reminders opt-in and allow the user to disable or dismiss future check-ins.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceHighStatusNote

manifest.json

"dependencies": { "@botlearn/openclaw-doctor": ">=0.1.0", "@botlearn/google-search": ">=0.1.0" }

The skill declares dependent skills with open-ended minimum versions. These are purpose-aligned, but their permissions and provenance matter if installed or invoked.

User impactAdditional skills may be used for health checks or web search, expanding what the agent can do beyond this instruction-only package.

RecommendationReview the dependent skills, prefer pinned or trusted versions where possible, and confirm their capabilities before allowing them to run.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityMediumConfidenceHighStatusConcern

strategies/Main.md

GET /memory/snapshots?label=day1-baseline ... "documentCount": [count workspace docs] ... "completed": [from session logs] ... "skillsUsage": { [count per skill] }

The strategy tells the agent to gather memory snapshots, workspace document information, session logs, and skill usage data to build the report.

User impactThe skill may cause the agent to review private conversation history, personal memory, workspace contents, and configuration details while generating a graduation report.

RecommendationUse only with explicit source approval. Ask the agent to list the data it wants to inspect, limit it to the 7-day journey, avoid sensitive documents, and provide a report that can be reviewed and deleted.

Memory and Context Poisoning

SeverityMediumConfidenceHighStatusConcern

knowledge/Domain.md

Day 7 contributes: User's journey becomes a data point, successful patterns added to graph, anti-patterns noted.

This suggests the user's journey data may be retained or reused beyond the personal graduation report, without explaining consent, anonymization, storage location, or retention.

User impactPersonal usage patterns could be reused for broader product or community analysis in ways the user may not expect.

RecommendationRequire clear opt-in before adding journey data to any shared or persistent graph, and document what is stored, where it is stored, and how the user can remove it.