Ai Trainer
Security checks across malware telemetry and agentic risk
Overview
This skill is not clearly malicious, but it deserves review because it can automatically write web-derived content into persistent memory and agent rule files.
Install only if you want the assistant to help maintain long-term memory and workspace rule files. Before using it, require the assistant to show proposed changes, get explicit approval before writing AGENTS.md or MEMORY.md, limit trusted documentation sources, and keep backups so changes can be reverted.
VirusTotal
66/66 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Incorrect or malicious content from a documentation page could become part of the assistant's future memory or rules and affect later work.
The skill instructs the agent to persist information from learned documentation into files that can influence future tasks. There is no clear requirement for user review, rollback, or separation between untrusted web content and operational instructions.
"Automatically update workspace rules (AGENTS.md) and memory (MEMORY.md) with newly acquired insights."
Require an explicit user-approved diff before any AGENTS.md or MEMORY.md change, keep backups, record sources, and store web-derived notes separately from executable or authoritative rules.
The assistant could alter workspace rules or memory in ways the user did not intend, affecting future agent behavior.
The skill grants file mutation authority over configuration and memory files, but the artifacts do not define narrow paths, approval gates, backups, or limits on what rule changes are acceptable.
`edit`/`write`: Update system configuration and memory files.
Limit writes to specific approved files, require user confirmation for each change, show proposed edits first, and provide a simple rollback process.
The assistant may run local commands to inspect the environment.
Local command execution is disclosed and appears limited to environment checks, but it is still a sensitive capability users should notice.
`exec`: Verify local environment status (e.g., Ollama tags, node version).
Ask before running commands and keep them read-only unless the user explicitly requests a change.
