Asset Library Skill

Security checks across malware telemetry and agentic risk

Overview

The skill’s asset-library purpose is coherent, but it handles private local documents through persistent storage and external OCR/provider code while a scanner reports hardcoded API credentials.

Review this carefully before installing. If you proceed, start with a small explicit folder, avoid highly sensitive documents unless necessary, require removal of any hardcoded API key, configure your own provider credentials, and confirm where the SQLite database, embedding cache, and OCR uploads go.

VirusTotal

58/58 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
High
What this means

Your documents could be processed under an embedded or publisher-controlled provider credential, and an exposed token could be abused or revoked unexpectedly.

Why it was flagged

The provided static scan reports a hardcoded API secret/token in an included OCR/parser code path. Hardcoded provider credentials exceed a normal user-supplied credential contract and make the account and data boundary unclear.

Skill content

apiKey: [REDACTED],

Recommendation

Do not install until the publisher removes hardcoded secrets, rotates any exposed key, and uses explicit user-provided credentials with clear scope and provider disclosure.

ASI07: Insecure Inter-Agent Communication
Medium
What this means

Private documents such as resumes, certificates, contracts, or financial materials may leave your machine during OCR or parsing.

Why it was flagged

The ingest workflow routes local personal materials through named external parser/OCR/VLM provider modes. The artifacts do not clearly state what file contents are uploaded, retained, or protected at that provider boundary.

Skill content

`zhipu_parser_lite`, `zhipu_parser_export`, `zhipu_ocr`, `zhipu_vlm`

Recommendation

Use this only with files you are willing to send to the stated provider, and require clear documentation of provider endpoints, retention, credential use, and opt-out/local-only behavior.

ASI09: Human-Agent Trust Exploitation
Medium
What this means

A user may install believing no account credentials or external provider access are involved, then later route private documents through credentialed services.

Why it was flagged

The registry metadata says no credentials are required, while the skill text discusses missing keys and the scan reports credential/API-key handling in provider code. This can cause users to underestimate the setup and privacy implications.

Skill content

Required env vars: none; Env var declarations: none; Primary credential: none

Recommendation

Update registry metadata to declare provider credentials, environment variables, external APIs, and sensitive document handling before publication.

ASI06: Memory and Context Poisoning
Low
What this means

Sensitive document summaries and embeddings may remain on disk and be reused in future tasks.

Why it was flagged

The service persists searchable text and optional embeddings for assets. This is purpose-aligned for an asset library, but it creates durable private context that can influence later queries and packages.

Skill content

storage.upsertAssetSearchIndex({ ... search_text: item.searchText, embedding: embeddings[index] ?? null, model: embeddingModelId })

Recommendation

Use a dedicated library path, review what is indexed, and provide clear retention, deletion, and reindex controls.

ASI05: Unexpected Code Execution
Low
What this means

Enabling semantic search may execute local model-loading code and create a model cache on your machine.

Why it was flagged

The semantic-search embedder launches a local Node worker from a static source string. This appears purpose-aligned for embedding generation and does not show shell interpolation, but it is still local code execution.

Skill content

spawnSync(process.execPath, ["--input-type=module", "-e", workerSource], { ... })

Recommendation

Only enable semantic retrieval if you trust the included code and dependencies; keep the model/cache directory scoped and inspect package versions before running.