Outline Kb
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a coherent Outline API helper, but it under-declares the required API key and exposes broad delete, share, invite, and permission-changing actions that need clearer user control.
Install only if you want the agent to operate on your Outline workspace. Use a least-privilege API key, confirm every write/delete/share/invite/permission/export action, restrict use to trusted Outline base URLs, and revoke or rotate the key when no longer needed.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may not realize before installation that the agent needs a workspace API key and can act as that Outline account.
The skill requires and uses an Outline bearer API key. This is expected for the integration, but the supplied metadata says there are no required env vars and no primary credential, so the account authority is under-declared.
`OUTLINE_BASE_URL` | Outline 实例地址(含 `/api`) ... `OUTLINE_API_KEY` | API Key ... 认证: `Authorization: Bearer $OUTLINE_API_KEY`
Declare the required env vars and credential in metadata, and advise users to use a least-privilege Outline API key rather than an admin-wide or long-lived token.
If invoked incorrectly, the agent could change, delete, share, or grant access to knowledge-base content in the user's Outline workspace.
The skill exposes broad mutating API operations, including deletion, sharing, invitation, and collection/document changes. Only deletion confirmation is explicitly documented; other high-impact mutations are not clearly bounded.
`documents.update` ... `documents.delete`; `collections.create` ... `collections.delete`; `users.invite`; `shares.create` / `shares.revoke`
Require explicit user confirmation for all write, delete, share, invite, export, and permission-changing operations; scope actions to named documents or collections; and prefer preview/dry-run behavior before mutation.
Private knowledge-base content could be exposed to the agent context, and document text should not be treated as instructions unless the user explicitly asks.
The skill is designed to retrieve and export knowledge-base content into the agent workflow. This is purpose-aligned, but retrieved documents may contain sensitive data or untrusted text.
`documents.search`, `documents.info`, `documents.export`, `collections.export`, `documents.answerQuestion`
Limit retrieval/export to the documents needed for the task, treat fetched document content as data rather than instructions, and avoid reusing sensitive content outside the current user request.