Skillvv1.0.9-simplified

ClawScan security

education-learning-aggregation · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 15, 2026, 12:50 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill claims to aggregate and auto-route 28 education sub-skills and provide uniform outputs, but the provided SKILL.md is only documentation with no implementation details or runtime instructions to actually perform routing — the capability is asserted, not realized.
Guidance: This package is essentially a README describing an aggregator, not an implemented skill. Before installing, ask the publisher for evidence of implementation: the code or SKILL.md runtime instructions that actually perform automatic routing, the exact mechanism used to invoke child skills (platform API calls, named skill IDs, or shell commands), and any required permissions. If you only need documentation, installing it will likely just add a README and keyword trigger — it won't provide the claimed automatic orchestration. Prefer installing in a sandbox or test agent first, restrict any admin permissions during import, and request a concrete list of how child skills are invoked and audited (invocation logs, allowed targets). If the author cannot provide implementation details (code or explicit platform invocation steps), treat this as a placeholder and avoid relying on it for production automation.

Review Dimensions

Purpose & Capability: concernThe name/description promise (automatic routing among 28 child skills, unified output formatting, runtime aggregation) is not supported by any required binaries, env vars, code, or runtime instructions. The SKILL.md is essentially a README and installation hint; it does not contain the logic, API endpoints, or invocation details that would be needed to implement automatic routing and aggregation. This mismatch suggests the skill is a metadata/placeholder rather than an implemented aggregator.
Instruction Scope: concernRuntime instructions only tell an operator to paste the document into OpenClaw's management UI and set keyword trigger rules. There are no concrete runtime steps describing how the agent should discover, call, or coordinate the listed sub-skills, nor how outputs are normalized. The instructions are vague and grant broad discretion (e.g., '自动识别用户需求类型，自动路由到对应子技能处理') without boundaries, which is a scope/expectations mismatch.
Install Mechanism: okNo install spec and no code files are present, so nothing is written to disk or downloaded. From an install mechanism perspective this is low risk — it's an instruction-only/README skill.
Credentials: okThe skill requests no environment variables, credentials, or config paths. There is no apparent demand for secrets or unrelated service access, which is proportionate given the delivered files (documentation only).
Persistence & Privilege: notealways is false and autonomous invocation is allowed by platform default. The SKILL.md implies configuration of trigger rules and adding/removing child skills in a manager UI; if installed with elevated admin permissions the aggregator could be used to change skill routing, but the package itself does not request such privileges. Verify what installer permissions are required at import time.