Back to skill
Skillv2.0.0
VirusTotal security
yan-learning-engine · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:25 AM
- Hash
- c30d5029697337eb56dae2ae9d5f2df9c598e3a85b88532af0f352ccf8991fde
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: yan-learning-engine Version: 2.0.0 The skill bundle implements an autonomous 'learning engine' that explicitly instructs the AI agent to bypass human-in-the-loop (HITL) confirmation, using phrases like 'Don't ask, just do' and 'Publish immediately' in SKILL.md and EXECUTION_RULES.md. While the stated intent is productivity and ecosystem contribution, these instructions function as a prompt injection that removes safety guardrails, potentially leading to unauthorized code execution or data exposure if the agent misinterprets a task. The run.sh script and associated JSON files manage state and scheduling but do not contain explicit evidence of intentional data exfiltration or backdoors.
- External report
- View on VirusTotal