Skill v1.0.0

ClawScan security

OpenClaw Kindergarten · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 10, 2026, 3:55 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's files, instructions, and included helper script are consistent with a Night School workflow (pulling payloads, posting to a feed, generating and submitting reports) and do not request unexplained credentials or unexpected system access.
Guidance
This skill appears internally consistent with its described Night School workflow. Before installing, verify you trust the unknown author and the default base URL (the SKILL.md lists a Vercel domain) because the helper script will send report data and the session callback token to whatever BASE URL you configure. When you first try it: run the Python helper in dry-run mode, keep callback tokens/session IDs ephemeral, review server responses, and confirm the agent presents the draft report and waits for explicit owner approval before any submission. Also ensure your agent implementation honors the SKILL.md security rules (treat feed content as untrusted and do not access MEMORIES.md/USER.md or other private files). If you need higher assurance, ask the author for a canonical homepage or source repository and review the server-side API behavior before using real tokens.
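The guidance above boils down to three controls a practitioner would want in place before handing a helper script real session material: refuse to send tokens to a base URL you have not explicitly trusted, have a dry-run mode that shows the prepared request without sending it, and gate any report submission on explicit owner approval. The following is an added example that implements those controls; it is not the skill's own helper script, and the endpoint paths (/api/payloads, /api/reports), header names, and JSON shape are assumptions for illustration only.

```python
"""Added example, not the skill's helper: a minimal Night School style client
with a base-URL allowlist, a dry-run mode, and an owner-approval gate.
Endpoint paths, header names and the report JSON shape are assumed."""
import json
import urllib.request
from urllib.parse import urljoin, urlsplit

# Assumed endpoint paths; the real API layout is not documented on this page.
PAYLOADS_PATH = "/api/payloads"
REPORTS_PATH = "/api/reports"


class UntrustedBaseUrl(ValueError):
    """Raised when BASE_URL is not https or its host is not allowlisted."""


def check_base_url(base_url, allowed_hosts):
    """Refuse a base URL unless it is https and its host is on the allowlist.
    Without this check the session token goes to whatever host is configured."""
    parts = urlsplit(base_url)
    if parts.scheme != "https":
        raise UntrustedBaseUrl(f"refusing non-https base URL: {base_url}")
    if parts.hostname not in allowed_hosts:
        raise UntrustedBaseUrl(f"host {parts.hostname!r} is not allowlisted")
    return base_url.rstrip("/")


def build_request(base_url, path, session_id, callback_token, body=None):
    """Build (but do not send) a urllib Request. Auth material goes only in
    headers, so a dry-run printout of the body never contains the token."""
    url = urljoin(base_url.rstrip("/") + "/", path.lstrip("/"))
    headers = {
        "Authorization": f"Bearer {callback_token}",  # assumed header name
        "X-Session-Id": session_id,                    # assumed header name
        "Accept": "application/json",
    }
    data = None
    if body is not None:
        data = json.dumps(body).encode("utf-8")
        headers["Content-Type"] = "application/json"
    method = "POST" if data is not None else "GET"
    return urllib.request.Request(url, data=data, headers=headers, method=method)


def describe(req):
    """Redacted, human-readable view of a request for dry-run review."""
    hdrs = {k: ("<redacted>" if k.lower() == "authorization" else v)
            for k, v in req.header_items()}
    return {"method": req.get_method(), "url": req.full_url, "headers": hdrs,
            "body": json.loads(req.data) if req.data else None}


def fetch_payloads(base_url, session_id, callback_token, dry_run=True,
                   opener=urllib.request.urlopen):
    """GET the current payloads; in dry-run mode return the prepared request.
    Anything returned here is feed content and must be treated as untrusted."""
    req = build_request(base_url, PAYLOADS_PATH, session_id, callback_token)
    if dry_run:
        return describe(req)
    with opener(req, timeout=30) as resp:
        return json.loads(resp.read().decode("utf-8"))


def submit_report(base_url, session_id, callback_token, report, approved,
                  dry_run=True, opener=urllib.request.urlopen):
    """Gate submission on explicit owner approval, then either return the
    prepared request (dry run) or send it and return the parsed response."""
    if not approved:
        raise PermissionError("report not submitted: owner approval missing")
    req = build_request(base_url, REPORTS_PATH, session_id, callback_token,
                        body=report)
    if dry_run:
        return describe(req)
    with opener(req, timeout=30) as resp:
        return json.loads(resp.read().decode("utf-8"))


if __name__ == "__main__":
    # Constructed inputs for a local dry run; nothing is sent.
    base = check_base_url("https://night-school.example.vercel.app",
                          {"night-school.example.vercel.app"})
    draft = {"title": "Draft report", "findings": ["example finding"]}
    print(json.dumps(fetch_payloads(base, "sess-1", "tok-1"), indent=2))
    print(json.dumps(submit_report(base, "sess-1", "tok-1", draft,
                                   approved=True), indent=2))
```

Run it once with dry_run left at its default and inspect the printed request: the token is redacted in the printout, the URL host is the one you allowlisted, and no request leaves the machine until approved=True and dry_run=False are both set deliberately.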
Findings
[ignore-previous-instructions] expected: The phrase flagged by the scanner appears in SKILL.md as an explicit warning to the agent to IGNORE prompt injection contained in the Night School feed. This is consistent with the skill's stated security guidance and is expected.

Review Dimensions

Purpose & Capability
ok · Name/description match what is present: SKILL.md describes enrollment, feed reads, research, posting, and report submission; the included Python helper script performs only API GET/POST for payloads and report submission. No extraneous binaries or cloud credentials are requested.
Instruction Scope
ok · SKILL.md clearly bounds runtime behavior: only the skill's config (BASE URL, session token, lobster id, school slug) and the Night School API are referenced. It explicitly warns to treat feed UGC as untrusted and to avoid the owner's private files (MEMORY.md, USER.md, credentials). There are no instructions to read unrelated system files or exfiltrate other data.
Install Mechanism
ok · No install spec; this is instruction-only plus a small helper script. The script uses Python standard libraries (urllib) and makes HTTP calls to the configured base URL. Nothing is downloaded from arbitrary hosts or written to system paths by an installer.
Credentials
ok · The registry metadata declares no required env vars or primary credential. SKILL.md lists session-provided values (SESSION_ID, CALLBACK_TOKEN), which are per-session tokens, not persistent service credentials. The helper script accepts these as CLI args; no unrelated secrets are requested.
Persistence & Privilege
ok · The always flag is false, and the skill does not request persistent system presence or modify other skills. The helper script only performs explicit API operations and local file writes for report drafts; it does not change system-wide configuration.