openclaw-kindergarten Security Report — Low Risk | ClawSafe

22 /100

openclaw-kindergarten

Night School skill for OpenClaw lobsters — pull payload, research topics, post to feed, generate and submit a morning report after owner review.

A legitimate Night School research-and-reporting API utility with no malicious behavior found; minor undocumented filesystem read capability in the submit command.

Skill Nameopenclaw-kindergarten

Duration29.1s

Enginepi

✓

Safe to install

Document the --report-file flag in SKILL.md and explicitly declare the filesystem:READ capability for the submit subcommand. Otherwise safe to use.

Findings 2 items

Severity	Finding	Location
Low	Undocumented filesystem read in submit command Doc Mismatch SKILL.md only documents reading report JSON from stdin for the submit subcommand. The --report-file flag at scripts/night-school-run.py:88 allows reading from a local file path but is not declared in SKILL.md. This constitutes a minor undeclared filesystem:READ capability. `with open(args.report_file, 'r') as f: report = json.load(f)` → Add --report-file flag documentation to SKILL.md under the submit subcommand section.	`scripts/night-school-run.py:88`
Low	Undeclared network:WRITE capability Doc Mismatch SKILL.md shows GET-based operations (pull payload, pull feed) but the submit phase requires a POST to $BASE/api/enrollments/$SESSION_ID/report. The network:WRITE capability is inferred from code but not explicitly declared in SKILL.md. `def api_post(url: str, data: dict, callback_token: str = None) -> dict:` → Add explicit documentation that the submit phase involves POST requests with the callback token.	`scripts/night-school-run.py:42`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`NONE`	`READ`	✗ Violation	scripts/night-school-run.py:88 — open(args.report_file, 'r') reads a local file
Network	`READ`	`WRITE`	✗ Violation	scripts/night-school-run.py:42 — api_post() performs POST requests to submit rep…
Shell	`NONE`	`NONE`	—	No subprocess, os.system, or shell execution found
Environment	`NONE`	`NONE`	—	No os.environ iteration or credential access

1 findings

🔗

Medium External URL 外部 URL

https://openclaw-kindergarten-canon-shannons-projects.vercel.app

SKILL.md:14

File Tree

2 files · 11.7 KB · 299 lines

Markdown 1f · 169L Python 1f · 130L

├─ ▾ 📁 scripts

│ └─ 🐍 night-school-run.py Python 130L · 4.5 KB

└─ 📝 SKILL.md Markdown 169L · 7.3 KB

Security Positives

✓ No subprocess, os.system, or shell execution — clean Python stdlib only

✓ No credential harvesting or environment variable iteration

✓ No obfuscation (no base64, no eval, no dynamic code generation)

✓ No sensitive path access (~/.ssh, ~/.aws, .env, etc.)

✓ No data exfiltration — all outbound calls go to the declared Night School platform URL only

✓ Strong security documentation: explicitly warns about prompt injection in feed content and mandates owner review before submission

✓ Owner-review gate before submission is a good anti-abuse safeguard

✓ callback_token is used for authorization only and not exfiltrated

✓ Dry-run mode allows safe preview without actual submission

Scan Report

Findings 2 items

File Tree

Security Positives