Online Course Creator

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward course-material generator with minor publishing and marketing-copy cautions, not evidence of malicious behavior.

Safe to install for drafting course materials. Review generated marketing copy carefully before publishing, especially testimonials, student counts, urgency claims, guarantees, discounts, certificates, and earnings-style claims. If using manual install instructions or relying on the OpenClaw branding in the docs, verify the publisher and repository first. Running example.js writes a local JSON export file.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Missing User Warnings

Low

Confidence: 88% confidence
Finding: The README promotes automatic generation of course marketing materials, including testimonials, landing-page copy, and social posts, without any disclosure guidance or warning about synthetic promotional content. This can encourage deceptive or misleading advertising practices, especially if users publish AI-generated endorsements or claims as authentic human statements.

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger phrases are broad and map to common educational requests such as course outlines, scripts, and teaching materials. This can cause the skill to activate unexpectedly for ordinary user queries, potentially hijacking intent routing and inserting paid or specialized behavior where the user did not explicitly request this skill.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal