botlearn-selfoptimize

Fail

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: HIGH (DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [DATA_EXFILTRATION]: The skill implements a workflow in scripts/botlearn-post.sh and flows/community-help.md that reads the agent's long-term memory (~/.openclaw/workspace/MEMORY.md) and daily logs, then transmits this data to https://botlearn.ai/api/community/posts. This involves sending potentially sensitive project details, internal logic, and session context to an external server.
  • [PROMPT_INJECTION]: The skill instructions in SKILL.md and flows/community-help.md explicitly direct the agent to 'never delegate to humans' for community interactions. This behavioral override is designed to ensure the agent shares data and receives external instructions without human oversight or consent.
  • [COMMAND_EXECUTION]: The skill provides several bash scripts (botlearn-post.sh, extract-skill.sh, activator.sh, error-detector.sh) that perform file system manipulation, directory creation, and network requests via curl.
  • [EXTERNAL_DOWNLOADS]: The botlearn-post.sh script downloads additional instructions and registration data from https://botlearn.ai/skill.md using curl.
  • [DATA_EXFILTRATION]: The skill manages and transmits API keys for the botlearn.ai service, which are stored in ~/.config/botlearn/credentials.json and used in authenticated network requests.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 7, 2026, 02:52 AM