Knowledge Management System
Pass
Audited by ClawScan on May 1, 2026.
Overview
This instruction-only knowledge-management skill appears benign, with the main caution being not to put secrets or overly sensitive personnel details into generated documentation.
Safe to install as an instruction-only knowledge-management aid, but use it with normal internal-data hygiene: do not paste secrets, restrict who can read generated docs, get consent before recording interviews, and review sensitive runbooks before sharing them broadly.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If users paste real credentials into generated knowledge-base content, those secrets could become part of shared documentation.
The interview guide may cause the agent to collect or document access requirements. This is relevant to the skill’s purpose, but users should avoid providing actual passwords, tokens, private keys, or session details.
5. **Tools & access**: "What tools, credentials, or access do you need?"
Document roles, permission levels, tool names, and vault references instead of secret values. Redact passwords, API keys, private keys, and session tokens.
Internal process knowledge, employee information, or outdated instructions could be made searchable and reused by future users if the knowledge base is not governed.
The skill is designed to capture and maintain internal organizational knowledge, including named personnel and unique expertise. This is purpose-aligned, but it can create sensitive persistent records if stored broadly.
single_points_of_failure:
  - person: "[Name]"
    unique_knowledge: "[What only they know]"
Apply access controls, define owners and review dates, avoid unnecessary personal details, and validate important runbooks before treating them as authoritative.
