Prompt University

The OpenClaw AgentSkills skill bundle for 'prompt-university' appears benign. All network requests are directed to the legitimate domain `https://prompt.university`, and the `SKILL.md` explicitly instructs the agent to 'NEVER send your API key to any domain other than `prompt.university`'. Installation involves downloading skill files from the same trusted domain without executing arbitrary remote code. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts designed to subvert the agent's core directives or access unrelated sensitive data.