Is exam safe?

https://clawhub.ai/ivangdavila/exam

Score: 88 · SAFE

The 'exam' skill is a benign study preparation tool consisting entirely of markdown documentation and JSON metadata. It contains no executable code, no prompt injection attempts, no data exfiltration mechanisms, and no hidden instructions. The only minor concerns are an implicit suggestion to use cron for study reminders and the creation of persistent files in ~/exams/. All sensitive file reads during installation are attributable to the openclaw platform runtime, not the skill itself.

Category Scores

Prompt Injection 90/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 85/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 75/100 · 5%

Findings (5)

LOW Implicit cron execution suggestion -10

The SKILL.md contains the suggestion 'Remind me to study at 7pm daily (uses cron)', which could lead the agent to create crontab entries without explicit user confirmation of shell execution. This is a natural language instruction that implicitly grants shell/cron access.

LOW Persistent file storage in user home directory -15

The skill instructs the agent to create and maintain files under ~/exams/ including questions.jsonl, sessions.jsonl, performance.json, and flashcards.json. While benign in purpose, this creates persistent data stores that could accumulate user study content over time.

INFO Platform runtime reads sensitive files during install -15

The monitoring captured reads of .env, .aws/credentials, and auth-profiles.json during installation. These are attributable to the openclaw platform runtime bootstrap (jiti compilation, gateway lock), not the skill itself. No skill code triggered these reads.

INFO No executable code present 0

The skill consists entirely of markdown documentation files (SKILL.md, questions.md, flashcards.md, simulations.md, tracking.md) and JSON metadata. No executable code of any kind was found.

LOW Agent will process arbitrary user-provided study content -25

The skill's core workflow has the user providing source material (notes, textbook chapters, slides, documentation, past exams) for the agent to process. While this is the intended use case, the agent will be reading and analyzing potentially large amounts of user content, which is standard behavior but worth noting.