v1.0.3

iGOT Karmayogi Automation

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:00 AM.

Analysis

This skill openly automates a logged-in government training account, including assessments and certificates, with very little user confirmation and persistent session/state handling.

GuidanceReview this carefully before installing. Only use it if you are comfortable letting an agent operate your logged-in iGOT Karmayogi account, potentially affecting official course progress, assessments, and certificates. Supervise the session, require confirmations for submissions or enrollments, and clear the saved browser profile and igot-state.json when finished.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityHighConfidenceHighStatusConcern

SKILL.md

play course videos, enroll in courses, complete assessments, download certificates... The skill launches its own browser, runs fully autonomously

The skill is designed to perform account-mutating and certification-related actions on an official training portal with autonomous browser control.

User impactAfter login, the agent could enroll in courses, complete assessments, and affect certificates or progress records without asking for each high-impact step.

RecommendationUse only with close supervision, and require explicit confirmation before enrollment, assessment submission, course completion, or certificate download.

Agent Goal Hijack

SeverityMediumConfidenceHighStatusConcern

SKILL.md

DO NOT stop between steps. DO NOT wait for the user to message you. DO NOT ask "should I continue?" — just continue.

The skill explicitly changes normal stopping and confirmation behavior, limiting user intervention during an ongoing automated account session.

User impactThe agent may keep taking actions even when a normal assistant would pause for confirmation, increasing the chance of unintended portal activity.

RecommendationAdd user-confirmation gates for high-impact steps and define a narrow course/task scope before starting.

Unexpected Code Execution

SeverityMediumConfidenceHighStatusConcern

SKILL.md

If browser tool fails: → Try: playwright-mcp launch → If that fails: exec: npx playwright open https://portal.igotkarmayogi.gov.in/page/home

The runtime workflow includes an automatic shell-command fallback using npx rather than only the managed browser tool.

User impactIf the primary browser tool fails, the agent may run a local command that can invoke an unpinned Playwright package or external tooling.

RecommendationRemove the npx fallback, pin and preinstall any required tool, or require explicit user approval before any shell command is executed.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityHighConfidenceHighStatusConcern

references/selectors.md

Login state persists via localStorage JWT token — check localStorage.getItem('userDetails') to verify session without navigating to profile.

The skill documentation instructs use of authenticated session state for the portal, including JWT-backed localStorage information.

User impactInstalling and using the skill gives the agent practical control over a logged-in government training account session.

RecommendationUse a dedicated browser profile, log out after use, clear the profile/state if no longer needed, and do not use the skill unless you trust it with the portal account.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityMediumConfidenceHighStatusConcern

SKILL.md

File: ~/.openclaw/workspace/igot-state.json... On startup: ALWAYS check if this file exists first... resume from saved position — do not restart.

The skill stores operational state locally and treats it as authoritative for future runs.

User impactCourse names, progress, and task state may remain on disk, and a stale or modified state file could cause the agent to resume the wrong action.

RecommendationReview or delete the state file between sessions, and require the agent to validate resumed state against the visible page and user intent.