Vibe-Learning
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This instruction-only skill is coherent and purpose-aligned, but users should know it uses conversation context for web searches and creates a local HTML learning-feed file.
This skill appears safe and aligned with its stated purpose. Before installing, be aware that it may proactively create a learning feed when you seem to be waiting, use your current conversation context to perform web searches, and write a browser-viewable HTML file to the outputs folder.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may send search queries related to the current coding context to a web-search provider.
The skill explicitly relies on web search as part of its core workflow. This is purpose-aligned, but users should know the agent will perform external searches when the skill runs.
Use `web_search` to find content for each topic. Run 3-5 searches
Use the skill with non-sensitive project context, or ask the agent to keep search queries generic if the current work is confidential.
Running the skill can create or overwrite a local learning-feed HTML file at the specified output path.
The skill writes a standalone HTML output file and presents it to the user. The path is fixed and purpose-aligned, but it is still a local file-creation behavior.
Save it to `/mnt/user-data/outputs/vibe-learn-feed.html` and use `present_files`
If preserving prior generated feeds matters, rename or save the previous file before running the skill again.
The generated UI may depend on the contents and trustworthiness of the referenced frontend-design skill.
The skill depends on another local skill's instructions for UI design. This is relevant to the stated purpose, but it means output behavior can be influenced by a dependency not included in this skill's own manifest.
Read `/mnt/skills/public/frontend-design/SKILL.md` before designing the card UI
Keep the referenced frontend-design skill trusted and up to date, or remove this dependency if independent behavior is preferred.
Project names, technologies, or problem details discussed in chat could influence external search queries.
The skill derives web-search topics from the current conversation. This is necessary for context-aware recommendations, but it may expose aspects of the user's project context through search queries.
Look at the **current conversation history** ... Synthesize this into 2-4 **search topics**
Avoid invoking the skill in highly confidential conversations, or instruct it to strip proprietary names and use broad technology terms only.