Ai Course Agent
Security checks across malware telemetry and agentic risk
Overview
The course-generation purpose is coherent, but the skill embeds a billing API key, sends Edustem credentials to a hardcoded ngrok endpoint, and can charge SkillPay before generation succeeds.
Only use this skill if you trust the publisher, can verify the Edustem endpoint, and understand the SkillPay charges. Avoid entering real Edustem credentials until the API host is confirmed, and ensure any integration passes a real authenticated user ID rather than relying on the default.
VirusTotal
66/66 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone with the package can see and potentially reuse the billing credential, which could affect SkillPay charging or payment-link behavior outside the intended skill flow.
The SkillPay API key and skill identifier are hardcoded in the distributed source and used as authorization for billing API calls.
const apiKey = 'sk_ee2a...'; const skillId = '476d912d-...';
Rotate the exposed key, move billing credentials to a server-side secret store, and use scoped/signed billing requests rather than shipping the API key in the skill.
If that tunnel is not the trusted Edustem service, the user's Edustem account credentials could be exposed to an unknown endpoint.
The user-provided Edustem username and password are sent to a fixed ngrok-free.app endpoint rather than a clearly documented official Edustem domain.
const API_BASE_URL = "https://6bb95bf119bf.ngrok-free.app/api/v1"; ... form.append("username", username); form.append("password", password);Verify and document the official Edustem API host, allow users to configure or approve the endpoint, and prefer scoped API tokens or OAuth over raw passwords.
Charges or balances may be attributed to the wrong or shared SkillPay identity if an integration forgets to pass the actual user ID.
Billing identity defaults to a shared string if the caller does not supply a real authenticated user ID.
userId: string = 'default_user'
Make userId mandatory, fail closed when it is missing, and bind billing to a verified authenticated user identity.
A user may lose a token even when course generation later fails, and no refund or rollback path is shown.
The skill charges through SkillPay before validating credentials, logging in, creating the lesson plan, or confirming that generation succeeded.
const billing = await handleBilling(userId); ... // Step 2: Login to Edustem API
Charge only after successful generation, reserve then capture with rollback, or clearly require user approval for a non-refundable pre-charge.
The install or registry view may not warn users that the skill needs Edustem account credentials.
Registry metadata does not declare required credentials, while SKILL.md declares EDUSTEM_USERNAME and EDUSTEM_PASSWORD as required secret env vars.
Required env vars: none ... Primary credential: none
Align registry metadata with SKILL.md so required credentials are visible before installation.