Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Algernon Sprint

v1.0.0

Timed interleaved study sprint for OpenAlgernon. Use when the user runs `/algernon sprint [15|25|45]`, says "sprint de estudo", "sessao cronometrada", "25 mi...

by Antonio V. Franco (@antoniovfranco)
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
[!] Purpose & Capability
The skill claims to run timed interleaved study sprints (reasonable), but the SKILL.md hard-codes DB=/home/antonio/.../vestibular.db and uses sqlite3 queries against that file. A general-purpose 'sprint' skill should not assume a specific user's filesystem path or require direct access to an undeclared local DB. The required schema (cards, card_state, materials, etc.) is also assumed but not documented in metadata.
[!] Instruction Scope
The instructions tell the agent to run sqlite3 against a local DB, select and shuffle cards, run FSRS scheduling, and append results to 'today's conversation log' — actions that read and write local data and rely on an unspecified conversation-log location. The SKILL.md uses an environment variable DB but the skill metadata lists no required env vars or config paths. These are concrete scope mismatches and could cause the agent to access unintended local files or fail silently.
Install Mechanism
There is no install spec and no code files; this is instruction-only, so nothing will be written to disk by an installer. That lowers the installation risk compared with downloadable code.
[!] Credentials
The runtime text defines DB as a path and uses it, but the skill declares no required environment variables or config paths. The skill therefore implicitly requires read/write access to a specific local file and to whatever location is used for the conversation log, which is disproportionate and undocumented.
Persistence & Privilege
The skill does not request always:true and has no special persistence or elevated platform privileges in the provided metadata.
What to consider before installing
Do not install or run this skill without verification. The SKILL.md uses a hard-coded user path (DB=/home/antonio/...) and runs sqlite3 queries against it, but the skill metadata declares no required config or env variables. This mismatch means the skill will try to read a local database (possibly containing private study data) and write to an unspecified conversation log. Before installing:

  1. Ask the maintainer to remove hard-coded paths and add a documented config option for the DB path (or declare required env vars and permissions).
  2. Confirm where the 'conversation log' is written and whether network access or external endpoints are involved.
  3. If you want to test, make a copy of your DB and run the skill in a sandboxed environment.
  4. Prefer a version that requires explicit user configuration (path or env var) rather than using a baked-in user path.

If you cannot verify these points, treat the skill as potentially able to read sensitive local files and avoid installing it.
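A pre-install check for the mismatch described above can be scripted. The following is an added example, not ClawHub's or OpenClaw's scanner and not part of the skill: it flags home-directory paths and shell variables that an instruction file uses without declaring them. The finding names and the `declared_env` parameter are assumptions, since the page does not show the skill's metadata format.

```python
import re

# Absolute path under a named user's home directory (Linux, macOS, Windows).
HOME_PATH = re.compile(r"(?:/home/|/Users/|[A-Za-z]:\\Users\\)[^\s/\\]+\S*")
# NAME=value at the start of a line, and $NAME or ${NAME} references.
ASSIGN = re.compile(r"^[ \t]*(?:export[ \t]+)?([A-Za-z_]\w*)=(\S+)", re.M)
REF = re.compile(r"\$\{?([A-Za-z_]\w*)\}?")

# Constructed sample: the DB constant and an abridged form of the Step 1
# query from the SKILL.md shown on this page.
SAMPLE = """Constants

DB=/home/antonio/Documents/huyawo/estudos/vestibular/data/vestibular.db

sqlite3 $DB \\
  "SELECT c.id FROM cards c JOIN card_state cs ON cs.card_id = c.id
   WHERE cs.due_date <= date('now') LIMIT CARD_LIMIT;"
"""


def audit_skill(text, declared_env=()):
    """Return sorted (kind, detail) findings for one skill instruction file.

    declared_env: variable names the skill's metadata declares as required
    (supplied by the caller; the metadata schema is not parsed here).
    """
    findings = set()
    # A path inside one specific user's home does not belong in a shared skill.
    for m in HOME_PATH.finditer(text):
        findings.add(("hardcoded-home-path", m.group(0).rstrip("\"'.,;)")))
    assigned = {m.group(1): m.group(2) for m in ASSIGN.finditer(text)}
    # Every variable the instructions expand should be declared up front.
    for name in set(REF.findall(text)):
        if name in declared_env:
            continue
        if name in assigned:
            findings.add(("undeclared-var-baked-in", f"{name}={assigned[name]}"))
        else:
            findings.add(("undeclared-var", name))
    return sorted(findings)


if __name__ == "__main__":
    for kind, detail in audit_skill(SAMPLE):
        print(f"{kind}: {detail}")
```

A match is a prompt for manual review of what the file at that path contains, not proof of malicious intent.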


latest: vk97c6x847ng5xnvk6xybnhc6hx832ca0
147 downloads
0 stars
1 version
Updated 3h ago
v1.0.0
MIT-0

algernon-sprint

You run a timed interleaved study sprint. Cards from all installed materials are shuffled together — interleaving different topics is the point, because it forces retrieval across contexts and strengthens long-term retention.

Constants

DB=/home/antonio/Documents/huyawo/estudos/vestibular/data/vestibular.db

Card Limits by Duration

Duration    Max Cards
15 min      20 cards
25 min      35 cards
45 min      60 cards

Step 1 — Plan the Sprint

Fetch due cards across all materials:

sqlite3 $DB \
  "SELECT c.id, c.type, c.front, c.back, m.name as material
   FROM cards c
   JOIN card_state cs ON cs.card_id = c.id
   JOIN decks d ON d.id = c.deck_id
   JOIN materials m ON m.id = d.material_id
   WHERE cs.due_date <= date('now')
   ORDER BY RANDOM()
   LIMIT CARD_LIMIT;"

Interleave: shuffle so no two consecutive cards come from the same material. If there aren't enough due cards to fill the limit, use cards from the same material twice rather than having fewer than ~15 cards for a 25-min sprint.

Step 2 — Sprint Start

Display:

Sprint: [DURATION] minutes
Materials: [list of materials with at least one card]
Cards: [count]

AskUserQuestion: ["Start sprint"]

Record start time.

Step 3 — Sprint Loop

Run the same card review flow as algernon-review:

  • Flashcards: show front → reveal back → Again/Good
  • Dissertative/Argumentative: show front → free-text answer → AI evaluate → Again/Good
  • After each grade, run FSRS scheduling (see algernon-review for FSRS formulas)

After every 10 cards, display:

Cards remaining: N  |  Estimated time: X min

Step 4 — Post-Sprint Break

After all cards reviewed:

Sprint complete. Take a 5-minute break.
Cards reviewed: N  |  Session retention: X%

AskUserQuestion: ["Start post-sprint test"]

Step 5 — Post-Sprint Retrieval Test

Select 5 random cards from the cards reviewed in this sprint. For each card:

  1. Show only the front.
  2. AskUserQuestion: ["Show answer"] — then show the back.
  3. AskUserQuestion options: ["Again", "Good"]
  4. Run FSRS update with the new grade.

Display:

Post-sprint test complete.
Sprint retention:      X%
Post-sprint retention: Y%
Session gain:          +Z%

The gain metric shows whether the sprint improved retention above what FSRS predicted — a positive gain means the interleaved practice worked.

Step 6 — Save Memory

Append to today's conversation log:

[HH:MM] sprint [DURATION]min
Cards: N | Sprint retention: X% | Post-sprint: Y% | Gain: +Z%
