Is openclaw-training-manager safe?

https://clawhub.ai/anova44/openclaw-training-manager

52 · CAUTION

This skill is an empty shell containing no SKILL.md content, no source code, and no package.json — only a lock file referencing an unaudited dependency skill ('academic-research-hub'). Installation failed due to rate limiting, meaning this audit operates on incomplete evidence. The combination of an empty wrapper with a mismatched transitive dependency is a known supply-chain attack pattern and warrants caution.

Category Scores

Prompt Injection 50/100 · 30%
Data Exfiltration 80/100 · 25%
Code Execution 80/100 · 20%
Clone Behavior 50/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 15/100 · 5%

Findings (6)

HIGH Empty skill with undeclared transitive dependency -50

The skill contains no SKILL.md content, no package.json, and no source code. The only substantive file is .clawhub/lock.json which references a dependency skill 'academic-research-hub' (v0.1.0). This dependency was not fetched or audited. An empty wrapper skill that pulls in an unaudited dependency is a known supply-chain attack vector — the wrapper passes shallow review while the real payload lives in the dependency.

HIGH Empty SKILL.md prevents functional assessment -50

SKILL.md is completely empty. For a published skill claiming to be a 'training manager', the absence of any prompt content, instructions, or declared capabilities is highly anomalous. This could indicate: (1) the skill was never properly built, (2) the full content failed to download due to the rate limit error, or (3) the skill intentionally omits a SKILL.md to avoid prompt-level analysis while relying on a dependency skill to inject the actual prompt payload.

MEDIUM Installation failed — incomplete evidence -50

The skill installation failed with 'Rate limit exceeded', meaning the full skill content may not have been downloaded. The audit is operating on potentially incomplete evidence. The extensive jiti cache activity in /tmp/ appears to be the CLI's own TypeScript transpilation rather than skill-initiated behavior, but the incomplete install means we cannot rule out that additional files would have been created on successful installation.

MEDIUM Skill name / dependency name mismatch -35

The skill is named 'openclaw-training-manager' but its sole dependency is 'academic-research-hub'. These names suggest different domains and purposes, raising questions about what this skill actually does and whether the naming is intentionally misleading.

INFO Canary files unmodified 0

All honeypot files (fake .env, SSH keys, AWS credentials) remained intact during the installation process. No evidence of credential harvesting.

INFO No executable code present -20

The skill contains no JavaScript, TypeScript, Python, or shell scripts. No package.json means no npm lifecycle scripts. No git hooks or gitattributes filters. The absence of any executable code is consistent with either a benign empty skill or one that delegates all behavior to its dependency.