Project Knowledge Graph
PassAudited by VirusTotal on May 8, 2026.
Overview
Type: OpenClaw Skill Name: project-knowledge-graph Version: 1.0.6 The project-knowledge-graph skill bundle is a legitimate tool designed to index and search project documentation using a local FalkorDB instance. The core logic in project-knowledge-index.py implements a markdown crawler that extracts text chunks and stores them in a graph database for concept-based querying. The script includes a safety check that warns the user if the KNOWLEDGE_FALKORDB_HOST environment variable is set to a non-localhost address, preventing accidental data exposure to remote servers. While the script contains hardcoded project paths specific to the author's environment, the SKILL.md documentation explicitly instructs users to customize these settings. No evidence of malicious intent, data exfiltration, or unauthorized execution was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private project notes, plans, architecture docs, and skill instructions may be copied into a persistent local graph and later surfaced in queries.
The skill persistently indexes broad local project and skill content into a queryable knowledge store. This is the core feature, but it can include sensitive or stale context.
Reads project memory files ... across all configured project directories"; "Reads all SKILL.md files under ~/.hermes/skills/"; "Writes to local FalkorDB Docker container
Run the dry-run first, review or edit the project roots, avoid indexing secrets, and purge the Docker volume if you no longer want the data retained.
If the Docker image changes upstream, the code running locally may differ from what was originally reviewed.
The setup depends on an external Docker image and Python package. The Python package is pinned, and the Docker image is disclosed with digest-pinning guidance, but the default Docker command uses a mutable latest tag.
docker run ... falkordb/falkordb:latest" and "pip install falkordb==1.6.1
Pin the FalkorDB Docker image by digest before regular use, and install dependencies from trusted package sources.
The local database can continue running and retaining indexed content after the immediate query or indexing task is finished.
The FalkorDB service and indexed data are designed to persist beyond a single task. This is disclosed and purpose-aligned, but it is long-running local infrastructure.
--restart=unless-stopped ... -v knowledge-graph-data:/data"; "Auto-starts on Docker daemon start ... Data persists in the Docker volume.
Omit the restart flag if you only want manual startup, and use the documented Docker stop/remove/volume removal commands when you want to fully remove the service and data.