Web Learner

Pass. Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: web-learner
Version: 1.0.0

The 'web-learner' skill bundle is designed for autonomous web browsing and information retrieval, with all instructions and listed resources aligning with this stated purpose. It utilizes `web_search`, `web_fetch`, and `browser` tools to gather information from the internet, as detailed in `SKILL.md`. While these tools inherently involve network access and the `browser` tool offers powerful UI interaction capabilities, the skill's instructions do not direct the agent to perform any malicious actions such as data exfiltration, unauthorized execution, persistence, or harmful prompt injection. The potential risks are inherent to any AI agent with web access, rather than evidence of malicious intent within this specific skill bundle.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A malicious or low-quality page could influence the agent's summary or answer if not treated carefully.

Why it was flagged

The skill instructs the agent to retrieve web content and integrate it into answers. Web pages are untrusted context and could contain misleading or prompt-injection-style text, though the skill does not tell the agent to obey page instructions.

Skill content
Retrieve information → execute the query
4. Integrate and process → extract key information
5. Report back to the user
Recommendation

Treat fetched web pages as source material, not instructions; cross-check important claims and cite sources.

What this means

The agent may open dynamic websites and interact with page UI while gathering information.

Why it was flagged

The skill allows use of an interactive browser when search or fetch tools fail. This is expected for a web-learning skill, but browser UI interaction can become higher impact if used for forms, logins, purchases, or account changes.

Skill content
When the above tools fail, use the `browser` tool: ... supports screenshots and UI interaction
Recommendation

Keep browser use read-only for research unless the user explicitly approves any login, form submission, download, purchase, or account-changing action.

What this means

A user may need to configure a search-provider API key for full functionality.

Why it was flagged

The skill notes that web search may require a Brave API key. This is expected for search integration, and the artifacts do not show token logging, hardcoded credentials, or unrelated credential use.

Skill content
`web_search` - requires a Brave API Key
Recommendation

Provide any API key only through trusted platform configuration and use a key scoped to the intended search service.