Back to skill
Skillv0.3.0
VirusTotal security
Learning Coach · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 5:17 AM
- Hash
- 57860de50046d155398d1fb8ca1b4f1ee4bd5a8bf372a85a56b9360781ab501b
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: learning-coach Version: 0.3.0 The skill bundle implements high-risk capabilities including automated persistence via crontab modification (setup_cron.py) and global software installation using 'npm install -g' (bootstrap.py). While these actions are aligned with the stated purpose of an autonomous 'Learning Coach' and include instructions for user consent, they provide a significant footprint for potential abuse. Additionally, source_ingest.py performs unvalidated network requests via urllib.request, which could be exploited for SSRF if the agent is directed to malicious RSS feeds.
- External report
- View on VirusTotal