Skill v1.0.1

ClawScan security

Curriculum Designer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 28, 2026, 6:05 PM
Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary
The skill's files claim no credentials or dependencies, but the runtime script and SKILL.md clearly expect a YouTube API key, write checkpoint files in your home workspace, and source an external helper script — these mismatches merit caution before installing.
Guidance
Do not install or run this skill until the following are clarified and fixed:
1) The manifest should list the YOUTUBE_API_KEY and any other required credentials (and explain how Google Sheets creation is authorized).
2) The required system binaries (curl, python3, uuidgen) should be declared.
3) Inspect the referenced helper script (../../scripts/checkpoint-helpers.sh) before running — it is executed by the skill but is stored outside the skill folder and could run arbitrary code.
4) Confirm what the hard-coded GOG_FOLDER_ID is for and whether it points to your account or someone else's; prefer a configurable folder or documented OAuth flow.
5) Review the remainder of the script (truncated portions) to ensure there are no unexpected network endpoints or exfiltration.
If you still want to test it, run it in an isolated environment (non-privileged account, container) and supply only least-privilege credentials. If possible, ask the publisher for a homepage/source repo and an updated manifest that accurately declares env vars, binaries, and required config paths.

Review Dimensions

Purpose & Capability
concern: The skill describes designing curricula using real YouTube links, which legitimately requires a YouTube API key and network access. However, the registry metadata declares no required env vars or binaries. The SKILL.md and curriculum-designer.sh both expect a YOUTUBE_API_KEY in ~/.openclaw/workspace/skills/curriculum-designer/.env and reference a Google Drive folder ID for sheet creation — these required credentials/configuration are not declared in the manifest, which is incoherent.
Instruction Scope
concern: SKILL.md and the script write multiple checkpoint files under ~/.openclaw/workspace or ~/.openclaw/workspace/curriculum-designer-checkpoints/, perform network calls to YouTube (Data API and oEmbed), and the script sources '../../scripts/checkpoint-helpers.sh' (a helper outside the skill directory). Sourcing an external helper expands the execution scope beyond the skill and could run arbitrary code in that external file. The instructions also mention creating a Google Sheet (implying Google API/OAuth) though no Google credentials are declared.
Install Mechanism
note: There is no install spec (instruction-only), which reduces exposure from remote downloads. However, a shell script is included and intended to be executed; it will create files in your home workspace. No external downloads are present in the provided fragment, but the script relies on helper scripts located elsewhere in the workspace.
Credentials
concern: The runtime expects a YOUTUBE_API_KEY stored in a local .env file and uses a GOG_FOLDER_ID (Google Drive folder id) for sheet creation. The manifest declares no required env vars or credentials. Also, the script reads files from ~/.openclaw and creates checkpoints there — access to these paths should have been declared. Required binaries (curl, python3, uuidgen) are used but not listed in the skill metadata.
Persistence & Privilege
note: The skill does not request 'always: true' and does not appear to alter other skills or global agent config. It does persist checkpoint and result files under the user's ~/.openclaw workspace, which is expected for its function but means it will leave artifacts on disk. The main privilege concern is sourcing a helper script outside the skill's own directory, which increases its effective trust boundary.