openlesson

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a normal tutoring API integration, but it gives conflicting instructions about creating calendar events or reminders without a clear opt-in boundary.

Install only if you are comfortable giving the skill an openLesson API key and sending spoken tutoring audio to the openLesson service. Before using it, treat calendar events, reminders, notifications, and recurring follow-ups as opt-in only; do not let the agent create or persist them unless you explicitly ask and review the details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence: 97%
Finding
The skill explicitly warns that using the apex domain causes a redirect that drops the Authorization header, but the sample Python workflow sets BASE_URL to https://openlesson.academy anyway. This can cause authentication failures and accidental requests to the wrong origin flow, and it trains downstream agents to use an unsafe endpoint contrary to the documented requirement.

Intent-Code Divergence

High
Confidence: 95%
Finding
The skill states that no calendar access is needed and that reminders are only behavioral, but later instructs the agent to create calendar events or reminders for every session. This contradiction can mislead an agent into taking external actions affecting user data or third-party systems without clear consent, scope, or required permissions.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill encourages scheduling sessions via calendar events or reminders without clearly warning that this may modify external systems or user data. That omission increases the risk of unauthorized actions, especially because the rest of the skill suggests no calendar integration is needed, creating ambiguity about what the agent is allowed to do.

VirusTotal

64/64 vendors flagged this skill as clean.
