v1.0.0

OpenClaw Wiki Entry Skill

Review
ClawScan verdict for this skill. Analyzed May 1, 2026, 1:04 PM.

Analysis

Review before installing: the skill is purpose-aligned for local wiki maintenance, but it can automatically rewrite, reclassify, and move local notes without an extra confirmation step.

Guidance: This does not show malicious behavior or data exfiltration, but it is a high-trust local-file automation skill. Back up the vault, review Step 3 decisions and resulting diffs, confirm source-note status after metadata writeback, and only enable optional QMD recall with a trusted local binary.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
Step 3: record the path decision in your own log for the day, then continue on your own without waiting for confirmation.

The path decision determines whether content is written to a new or existing wiki page, and the skill explicitly says not to wait for confirmation before continuing into mutating steps.

User impact: A wrong agent routing decision could lead to wiki, metadata, and index changes before the user has approved that specific decision.
Recommendation: Use only in a trusted vault, review the Step 3 decision and file diffs, and consider requiring operator confirmation before Step 4 or before content/index writeback.
Cascading Failures
Severity: Medium | Confidence: High | Status: Concern
scripts/wiki_entry_meta_writeback.sh
# 5) Write graduated_to/status back to the source doc ... replace_line "$SOURCE_DOC" '^status:' 'status: graduated'

The metadata writeback script unconditionally marks the source document as graduated, which can propagate an incorrect completion state into later status, audit, and move steps.

User impact: Partially processed notes could be marked complete and later moved out of the transit area, making unfinished knowledge harder to notice or recover.
Recommendation: Before using the workflow for partial entries, verify the source note status after metadata writeback and adjust the script so graduation only happens when the operator or workflow has confirmed full completion.
Unexpected Code Execution
Severity: Low | Confidence: High | Status: Note
scripts/_shared/query_history.sh
help="$($qmd_entry --help 2>/dev/null)" ... out="$($QMD_ENTRY search "$query" -c "$collection" -n 8 --files 2>/dev/null)"

If configured, the skill executes an external QMD CLI from an environment-provided path for local history search.

User impact: A misconfigured or untrusted QMD executable would run with the agent's local permissions.
Recommendation: Only set WIKI_ENTRY_QMD_ENTRY to a trusted local executable, or leave it unset so the workflow skips QMD history search.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
references/workflow.md
Record in your own log for the day (memory/YYYY-MM-DD.md)... agent | daily log + long-term memory | record this wiki-entry operation

The workflow intentionally writes decision records and operational summaries into persistent logs and long-term memory.

User impact: Details about wiki-entry decisions and knowledge-base structure may persist across future agent sessions.
Recommendation: Keep these logs in a trusted local location, review what is written to memory, and avoid recording sensitive source-note details unless needed.