ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Curriculum Generator

v1.0.0

Intelligent educational curriculum generation system with strict step enforcement and human escalation policies

2· 1.4k·7 current·7 all-time
byTara Singh Kharwad@tarasinghrajput
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
Name/description and SKILL.md align on curriculum generation, web searches, Excel output, and local storage. However, the registry metadata only declares 'node' as a required binary while README and SKILL.md instruct using Python (pandas, openpyxl) for Excel generation and recommend installing those Python packages. The skill also requires the separate neo-ddg-search skill (for web searches) but that dependency is not represented in the top-level requires.* fields, creating an inconsistency between claimed capabilities and declared runtime requirements.
Instruction Scope
The SKILL.md is detailed and scoped to curriculum gathering, research via neo-ddg-search, file output to ~/.openclaw/... and mandatory human escalation in certain cases. It does not instruct reading unrelated system files or requesting arbitrary credentials. It does require network access (to run web searches) and will store outputs and memory under the user's home directory as documented.
Install Mechanism
This is instruction-only (no install spec), which reduces install-time risk. However README suggests installation via clawhub/git and instructs installing Python packages (pip3 install pandas openpyxl) — those installs are not represented in the skill metadata. Absence of an explicit install spec means additional manual steps are required; those steps could change the runtime footprint if users follow them.
Credentials
The skill declares no environment variables or credentials, which is proportional to its stated purpose. It does depend on an external search skill (neo-ddg-search) and network connectivity to populate resource links. It will write to skill-specific directories under the user's home — expected for local memory and outputs. No unrelated secrets or unrelated service credentials are requested.
Persistence & Privilege
The skill does not request always:true and is user-invocable only (defaults), and its declared storage is limited to its own skill directory under ~/.openclaw. It does not instruct modifying other skills or system-wide settings. Background task execution is mentioned, which implies potential long-running activity — consider confirming how those tasks are scheduled and whether they run with limited privileges.
What to consider before installing
This skill appears to implement the curriculum-generator functionality, but there are inconsistencies you should review before installing: 1) The skill metadata only requires Node, yet the README and instructions reference Python 3 with pandas and openpyxl for Excel export — confirm whether Python and those packages are needed and install them in a controlled environment (virtualenv/container) if required. 2) It depends on a separate neo-ddg-search skill to perform web searches — verify that neo-ddg-search is trustworthy, because it will perform external web queries for resource links. 3) The skill will store memory and outputs under ~/.openclaw/skills/curriculum-generator/ — inspect those directories for sensitive data and consider restricting access or sandboxing. 4) Debug mode prints search queries and URLs verbatim; avoid enabling debug mode if you are concerned about exposing internal search terms. 5) Source/homepage are unknown and the README suggests installing from a GitHub repo owner different from the registry owner; prefer installing only from known, reviewed sources or require provenance before trusting it. If you proceed, run it in a sandbox (or container/VM), review any manual install commands (pip/git), and verify the neo-ddg-search dependency and network permissions first.

Like a lobster shell, security has layers — review code before you run it.

coursevk970aq58bxndgqzkftmnvg4s3580tdrkcurriculumvk970aq58bxndgqzkftmnvg4s3580tdrkeducationvk970aq58bxndgqzkftmnvg4s3580tdrklatestvk970aq58bxndgqzkftmnvg4s3580tdrk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsnode

Comments