Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Openclaw Skill Intelligence Ingestion
v1.0.0
Auto-analyze URLs/info for OpenClaw strategic value, classify, create Obsidian notes, update memory. Use when user shares a URL, article, tweet, or any exter...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The skill's stated purpose (ingest URLs, classify, create Obsidian notes, update memory) aligns with actions described in SKILL.md, but the manifest declares no required config paths or credentials while the runtime instructions explicitly read and write specific local files (/Volumes/T7 Shield/Obsidian_Vault/..., ~/.openclaw/workspace/memory/YYYY-MM-DD.md) and reference internal docs (MEMORY.md, SOUL.md, PRINCIPLES.md, AGENTS.md, TOOLS.md). The missing declaration of filesystem/config access is an incoherence: either the skill should declare those config paths/permissions, or the instructions should not assume arbitrary filesystem access.
Instruction Scope
SKILL.md gives explicit runtime instructions to: fetch and read arbitrary URLs (ok for purpose), search the web for tweet content if parsing fails, read internal project files for 'Active Engineering Bottleneck', create notes at a fixed absolute path on a mounted volume, and always append to local memory logs. It also instructs 'Do NOT ask for permission — just process it.' That directive to act without user consent is out of scope for a benign skill and increases risk because it will perform network fetches and local file writes automatically when triggered.
Install Mechanism
No install spec and no code files executed at install time—this is instruction-only, which reduces attack surface from installers or remote downloads. There are local repository files (README, index.html) but no runtime install procedure declared.
Credentials
The skill declares no required environment variables or primary credential, but its instructions require access to sensitive local artifacts (MEMORY.md, workspace memory files, SOUL.md, etc.) and an external mounted vault path. Requesting no credentials/config while expecting to read and write these specific files is disproportionate and a transparency gap. There are no network endpoints beyond fetching user-provided URLs, but the file access itself is significant.
Persistence & Privilege
always:false and user-invocable:true are reasonable, but the SKILL.md explicitly directs the agent to "execute this pipeline automatically" and not ask for permission when a trigger condition occurs. Combined with autonomous invocation being allowed by default, this creates a scenario where the skill may autonomously fetch data and modify local files without explicit user confirmation. The skill does not request to persist settings across agents, but its behavior of updating memory and vault files is persistent in the user's environment and should require explicit consent/configuration.
What to consider before installing
This skill's goals (automatically turn shared URLs into Obsidian notes and memory entries) are reasonable, but there are important mismatches you should address before installing:
- The SKILL.md assumes read/write access to these local locations: /Volumes/T7 Shield/Obsidian_Vault/... and ~/.openclaw/workspace/memory/YYYY-MM-DD.md plus internal files like MEMORY.md, SOUL.md, PRINCIPLES.md. The manifest declares none of these as required config paths—confirm you are comfortable with the skill reading/writing those exact paths.
- The skill instructs the agent to "Do NOT ask for permission — just process it." If you want manual control, edit the SKILL.md or the skill config to require explicit user confirmation before fetching URLs or writing files. Otherwise the agent may autonomously fetch external content and modify local files whenever trigger phrases or URLs appear.
- Because the skill writes persistent data, test it first with a disposable vault path and non-sensitive memory files to confirm behavior (and confirm filename formatting and deduplication logic). Back up your Obsidian vault before use.
- Prefer explicit config: require the user to set the Obsidian vault path and memory path via config (declared in requires.config or requires.config_paths), and remove the instruction to skip permission prompts.
- If you allow it to run autonomously, run it in a least-privileged agent account or sandbox to limit risk of unwanted mass changes or accidental data exposure.
If you want, I can produce a suggested safer SKILL.md patch that: (a) makes the vault/memory paths configurable, (b) requires explicit user confirmation before performing writes, and (c) documents required config paths and consent prompts. This would make the skill coherent and safer to install.
Like a lobster shell, security has layers — review code before you run it.
latestvk97fjf3pgj3pt7eq6j3c6n9czh81ps6p
