botlearn-reminder

Security checks across malware telemetry and agentic risk

Overview

This looks like a BotLearn onboarding reminder that fetches tutorial pages and stores local progress, with manageable disclosure and trigger-scoping issues rather than malicious behavior.

Reasonable to install if you want BotLearn onboarding reminders. Before enabling it, confirm you are comfortable with periodic requests to botlearn.ai and a local progress file, and consider narrowing triggers or disabling heartbeat behavior if you only want manual reminders.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill declares it can autonomously run scripts, invoke shell tooling, and use environment variables, but it does not expose corresponding permissions or user-facing consent boundaries. This creates a capability transparency problem: a user may trigger a learning reminder while the agent performs local execution and state changes behind the scenes.

Intent-Code Divergence

Low
Confidence
83% confidence
Finding
The configured heartbeat storage path is `memory/botlearn-reminder.json`, while the documented memory file is `memory/botlearn-tips.json`. This inconsistency can cause the skill to read and write different state files, leading to broken reminder logic, duplicate actions, or unexpected persistence behavior.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The strategy explicitly instructs the agent to fetch live web content before every reminder, even though the skill's purpose is a simple onboarding reminder workflow. Introducing network retrieval expands the trust boundary and creates a prompt-injection and untrusted-content risk: remote page content could manipulate downstream summaries or outputs, and the agent is told to treat fetched content as current and authoritative. In this context, the feature is not strictly necessary to deliver reminder scheduling, so the extra capability increases attack surface without clear security controls.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README describes automatic fetching from botlearn.ai and persistent writes to a local memory file, but does not clearly warn users that the skill performs network requests and stores progress state on disk. In an agent skill, silent outbound requests and local state modification can affect privacy expectations, create unintended data exposure, and make behavior harder for users to audit or consent to.

Vague Triggers

Medium
Confidence
90% confidence
Finding
Several triggers such as `quickstart`, `daily reminder`, `next day`, and `learning progress` are generic enough to match ordinary conversation unrelated to this skill. Because the skill is designed to autonomously fetch web content and update state, accidental activation can cause unintended network access and file writes.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs the agent to run setup scripts, fetch remote pages, and update progress state automatically without warning the user or requesting confirmation. In a skill that performs local execution and persistence, this reduces user control and increases the risk of unintended side effects from a simple conversational trigger.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger phrase "quickstart" is generic and likely to appear in many unrelated user requests, which can cause the skill to activate outside its intended BotLearn-specific context. In this skill, unintended activation is more concerning because the manifest advertises heartbeat reminders, progress tracking, and dynamic page fetching, so a broad trigger could lead to unnecessary retrieval actions, reminder behavior, or user confusion.

VirusTotal

65/65 vendors flagged this skill as clean.
