Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Knowledge Sync
v1.0.0Real-time knowledge base synchronization for AI assistants. Supports inotifywait file monitoring, Git auto-push/pull, Nutstore sync, and multi-device consist...
⭐ 0· 188·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (real-time sync, git backup, Nutstore/Gitee integration) match the scripts and SKILL.md. The scripts implement inotify-based sync and periodic git push behavior. Minor inconsistency: SKILL.md and README reference a git-auto-pull.sh script and a systemd unit (sync-realtime.service) but that pull script and any service unit file are not present in the repository; the git push/pull behavior is otherwise implemented by the included git-auto-push.sh and sync-realtime.sh.
Instruction Scope
Runtime instructions ask the user/agent to enable a user systemd service and schedule cron jobs; the included scripts operate only on workspace directories and copy files to Nutstore and Obsidian paths and perform git operations. They do not read unrelated system files. Important behavioral note: git-auto-push.sh runs git add -A and will automatically commit and push all workspace contents — this can inadvertently upload secrets or private files to the remote (Gitee) if present.
Install Mechanism
This is an instruction-only skill with two shell scripts included and no install spec. No downloads or third-party package installs are performed by the skill itself, which reduces supply-chain risk.
Credentials
The skill declares no required environment variables or credentials; however, it implicitly depends on Git credentials/configuration (SSH keys or credential helpers) and on user file paths (hardcoded /home/admin/...). It does not request remote tokens explicitly, but will use whatever git authentication is configured for the account running the scripts. Make sure Git/Nutstore/Gitee credentials are appropriate and scoped.
Persistence & Privilege
SKILL.md instructs running a long-running user systemd service and cron jobs (persistent presence on the host). The skill itself does not set always: true and does not modify other skills. Persistence is consistent with its purpose but you should review and control the service and crontab entries before enabling them.
Assessment
This skill implements a real-time file sync and periodic Git backup and is internally coherent, but review these before installing: 1) Automatic commits: git-auto-push.sh does git add -A and pushes to origin main — remove sensitive files from the workspace or add safe .gitignore rules and verify remotes before enabling to avoid accidental exfiltration. 2) Credentials: the scripts will use whatever Git/Nutstore/Gitee credentials are available to the user account; ensure those credentials are appropriate and use a dedicated account/key if possible. 3) Paths and missing files: scripts use hardcoded /home/admin paths; adjust WATCH_DIRS, WORKSPACE_DIR, NUTSTORE_DIR, and log paths to match your environment. SKILL.md/README mention git-auto-pull.sh and a systemd unit but those files are not included — you must create or review a service unit and any pull script you rely on. 4) Test first: run scripts manually in a safe test workspace to confirm behavior before enabling as a systemd service or adding cron jobs. If you want higher assurance, ask the maintainer for the missing service unit and pull script and for clearer instructions about required Git authentication and scope.Like a lobster shell, security has layers — review code before you run it.
latestvk97fvd8hrv9cqavhycc12zxf7d82ybqy
License
MIT-0
Free to use, modify, and redistribute. No attribution required.