Educlaw IELTS Planner

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed IELTS study-planner skill with calendar, local tracking, and notification integrations, but users should configure its credentials and automations carefully.

Install only if you are comfortable giving gcalcli access to your Google Calendar and sending reminders or reports to Discord/Telegram. Prefer registry or package-manager installation over curl-to-bash, keep bot/API tokens out of shared files and source control, use a private notification channel, and enable only the cron jobs you actually want.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Findings (19)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The workflow adds recurring cron-based calendar monitoring and Discord alerting that go beyond a narrow IELTS planning function into ongoing surveillance of the user's schedule. Even if intended as convenience features, this expands data access and disclosure scope, creating unnecessary privacy exposure and increasing the blast radius if prompts or channels are misconfigured.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The file introduces creation and ongoing use of a local SQLite database for sessions, vocabulary, materials, and summaries, which is broader persistence than the stated planner/scheduler role implies. Undisclosed data storage increases privacy and security risk because study history and derived behavioral data may accumulate without clear consent, retention limits, or access controls.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README explicitly promotes automated web searching and Discord-delivered cron jobs, but it does not clearly warn users that study prompts, calendar-derived context, links, or progress summaries may be transmitted to external services. In a skill that handles personal schedules, learning progress, and third-party integrations, this omission can cause users to unknowingly expose sensitive behavioral or scheduling data.

Missing User Warnings

Low
Confidence
87% confidence
Finding
The README explicitly advertises automated local data storage in SQLite and outbound Discord notifications, but it does not provide a clear privacy warning, data-handling notice, or consent guidance near those claims. In a study-planner skill that processes schedules, progress, and potentially sensitive learning context, this can lead users to enable the skill without understanding that personal data may be persisted locally and shared to external services.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The guide recommends executing a remote installer via `curl ... | bash` without verification, pinning, checksum validation, or safety warnings. This creates a direct remote code execution path where compromise of the download endpoint, DNS, TLS trust chain, or installer content can lead to arbitrary command execution on the user's machine.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The guide instructs users to place API keys and tokens directly into configuration files, including examples with plaintext secrets, but does not warn about file permissions, secret leakage, backups, logs, or source-control exposure. This increases the likelihood of credential compromise, which could allow unauthorized API usage, account abuse, or bot takeover.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The guide instructs users to create Calendar OAuth credentials with broad calendar scope and to retain the JSON credential material, but it does not warn against insecure storage or explain the privacy implications of calendar read/write access. If these credentials are stored carelessly or shared, an attacker could read, modify, or delete calendar events and impersonate the calendar client.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation shows API keys being placed directly into JSON config files, and bot tokens are later configured the same way, without a clear warning that these secrets must not be committed, pasted into shared terminals, or left in plaintext on disk. Exposed API keys or bot tokens could allow unauthorized API usage, billing abuse, bot takeover, or data exfiltration through the integrated channels.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The guide enables web search and chat platform integrations without warning that prompts, schedules, and other user content may be sent to third-party services such as Google, Discord, or Telegram. In a study-planner context, this can expose personal routines, goals, and possibly sensitive account-linked metadata to external providers without informed user consent.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger guidance includes broad invocation patterns such as generic slash commands and help-like commands that can overlap with normal platform interactions. In a skill that can read calendars, write calendar events, modify local files/SQLite state, and send notifications, unintended invocation can trigger privacy-sensitive reads or side-effectful workflows without sufficiently clear user intent.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill advertises planning functionality but does not present a concise upfront warning that it will access Google Calendar, write calendar events, create/update local files and a SQLite database, and send Discord/Telegram notifications. For a tool with persistent state and external integrations, inadequate disclosure increases the risk of users authorizing actions without understanding the scope of data access and side effects.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The cron-job section instructs ongoing automated monitoring of calendar data and the local study database, plus outbound Discord notifications, without a clear prominent warning that this surveillance is continuous and autonomous. Because these jobs run repeatedly and can expose scheduling details through notifications, the lack of explicit user-facing disclosure and opt-in materially raises privacy and consent risks.

Vague Triggers

Medium
Confidence
84% confidence
Finding
A broad trigger such as any study-planning-related request can cause the skill to activate outside the user's intended scope, potentially reading files, querying calendars, or initiating workflow steps for generic messages. This increases the chance of over-collection and unintended side effects from ambiguous prompts or channel noise.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The workflow states that daily reminders and weekly reports are delivered to Discord automatically, but does not present a clear user-facing warning or consent flow in this file before enabling such disclosures. Automated outbound messaging based on calendar and study-history data can leak sensitive timing, habits, and progress information to a third-party channel.

Ssd 3

Medium
Confidence
95% confidence
Finding
The cron prompts instruct the agent to gather detailed calendar contents, session history, vocabulary status, completion rates, weak areas, and possible conflicts, then transmit summaries and alerts to Discord. This is dangerous because it operationalizes continuous collection and external disclosure of personal productivity and schedule data, potentially including sensitive event names and behavioral patterns.

External Script Fetching

High
Category
Supply Chain
Content
### Option A: One-line install (recommended)

```bash
curl -fsSL https://get.openclaw.dev | bash
```

### Option B: npm global install
Confidence
98% confidence
Finding
curl -fsSL https://get.openclaw.dev | bash

External Script Fetching

High
Category
Supply Chain
Content
```bash
# 1. Install OpenClaw
curl -fsSL https://get.openclaw.dev | bash

# 2. Run setup wizard (configures API key + model)
openclaw config
```
Confidence
98% confidence
Finding
curl -fsSL https://get.openclaw.dev | bash

Chaining Abuse

High
Category
Tool Misuse
Content
### Option A: One-line install (recommended)

```bash
curl -fsSL https://get.openclaw.dev | bash
```

### Option B: npm global install
Confidence
97% confidence
Finding
| bash

Chaining Abuse

High
Category
Tool Misuse
Content
```bash
# 1. Install OpenClaw
curl -fsSL https://get.openclaw.dev | bash

# 2. Run setup wizard (configures API key + model)
openclaw config
```
Confidence
97% confidence
Finding
| bash

VirusTotal

64/64 vendors flagged this skill as clean.
