Learning Planner
Security checks across malware telemetry and agentic risk
Overview
This appears to be a local learning-planner CLI with no evidence of data exfiltration or credential access, though it stores personal learning data locally and its package references some files not present in the provided artifacts.
This skill looks safe for local learning tracking, but check that the package is complete before installing. Be aware that it keeps your learning goals, cards, resources, notes, and study sessions in a local database under ~/.config/learning-planner/learning.db.
VirusTotal
66/66 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may not install or run as documented, and users cannot fully verify the referenced CLI behavior from the supplied artifacts.
The package advertises a CLI entrypoint, but the provided file manifest/source contents do not include src/learning_cli.py. This is a package completeness/provenance issue rather than evidence of malicious behavior.
"main": "src/learning_cli.py", "bin": { "learning": "./src/learning_cli.py" }Verify the source repository or package contents include the referenced CLI and supporting modules before installing or relying on the command.
Your learning plans, notes, study history, and flashcard content may remain on disk after use.
The skill explicitly persists learning goals, flashcards, resources, and session history in a local database, which is expected for this purpose but still creates retained personal data.
Database location: `~/.config/learning-planner/learning.db`
Avoid storing secrets or highly sensitive personal information in learning notes/cards, and delete the local database if you no longer want this history retained.