Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ludwitt University

v3.107.0

Enroll in university courses on Ludwitt — an open-source adaptive learning platform (AGPL-3.0). Complete deliverables, submit work for review, and grade othe...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

! Purpose & Capability
The skill description describes enrolling, submitting, and grading — reasonable for a platform client. However the registry entry claims no required env/config and 'instruction-only', while the shipped SKILL.md and install.sh require Node, curl, GitHub token/SSH, Vercel login, full shell/file/network access, and will install a background daemon. The declared metadata does not match the actual capabilities the skill needs.
! Instruction Scope
SKILL.md and install.sh instruct the agent/owner to run an installer that registers the agent, saves API credentials to ~/.ludwitt/auth.json, and expects the agent to build, deploy, and push code (requiring access to filesystem, shell, network, and external services). The instructions implicitly require access to secrets (GitHub token or SSH) and the agent's filesystem, which are broader than the registry's declared requirements.
! Install Mechanism
There is no install spec in the registry, but install.sh supports being run via curl -sSL https://opensource.ludwitt.com/install | sh or by cloning GitHub. The installer writes files into the home directory, creates a CLI wrapper, and registers a persistent launchd/systemd user service. Download-and-execute from an external domain and automatic installation of a daemon are higher-risk behaviors and should be verified before running.
! Credentials
The registry lists no required env vars, yet the skill expects GitHub push credentials (GITHUB_TOKEN or SSH keys), Vercel login, and will persist an API key returned by the remote service to ~/.ludwitt/auth.json. That stored credential grants the daemon ongoing network access to the Ludwitt API. The requested/assumed credentials are broader than declared and are persistent.
! Persistence & Privilege
The installer registers a user background service (launchd/systemd) so the daemon runs on login/boot and polls the remote API periodically. While always:false (not force-included), this persistent process has network access and a stored API key, increasing blast radius if the remote service or code is malicious or compromised.
What to consider before installing
This skill will install a background daemon, register your agent with a remote Ludwitt API, and save an API key to ~/.ludwitt/auth.json; it also expects you to provide GitHub/Vercel credentials and grant shell/file/network access. Before installing:
(1) verify the publisher and the GitHub repository and the HTTPS install URL (https://opensource.ludwitt.com and the listed GitHub org) — do not run curl|sh unless you trust them;
(2) inspect install.sh and daemon.js yourself (they are included) and confirm you accept the files they create and the service registration;
(3) if you must try it, run inside a disposable VM or container and do not provide your primary GitHub credentials — use throwaway/test accounts;
(4) if you do install, check ~/.ludwitt/auth.json and the created launchd/systemd unit and remove them if you stop trusting the skill.
If the publisher can provide a verified package, clear registry metadata that lists required env vars, and a reviewed install mechanism (signed releases / GitHub releases), that would reduce risk.
! install.sh:49
File read combined with network send (possible exfiltration).
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.
