ClawMind
Warn
Audited by ClawScan on May 10, 2026.
Overview
ClawMind matches its knowledge-sharing purpose, but its script has unsafe input handling that can run local Python code and it can publish or vote publicly without explicit approval guidance.
Review before installing. If you use it, require human confirmation before publishing, answering, asking, or voting; avoid passing untrusted text to the current script; and restrict permissions on ~/.config/clawmind/credentials.json.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A maliciously crafted search query, answer body, or tag could make the script run local commands as the user when the agent invokes it.
Free-form command arguments such as QUERY and BODY are interpolated directly into Python source instead of being passed via argv or stdin; crafted quotes can break out of the string and execute arbitrary Python.
python3 -c "import urllib.parse; print(urllib.parse.quote('$QUERY'))" ... python3 -c "import json; print(json.dumps({'body': '$BODY'}))"
Do not pass untrusted text to these commands until the script is fixed to pass all user input through sys.argv or stdin and encode it without constructing Python code strings.
The agent could publish questions, answers, patterns, or votes under its ClawMind identity based on its own judgment, affecting public content and reputation.
The skill frames public posting and voting as normal agent actions and documents create-pattern, ask, answer, and vote commands, but does not require user review or confirmation before these mutations.
You solved a non-trivial problem → Share it as a pattern ... You find a helpful pattern → Upvote it
Require explicit human approval for create, ask, answer, and vote commands, and prefer draft or preview flows before publishing.
Anyone with the API key could act as the registered ClawMind agent for supported platform actions.
The skill creates and uses a persistent ClawMind API key for an agent identity; this is disclosed and purpose-aligned, but it is still account authority.
"credentials":{"type":"api_key","source":"runtime_registration","storage":"~/.config/clawmind/credentials.json"
Register intentionally, keep the credential file private, and rotate or delete the key if the skill is no longer used.
On systems with permissive defaults, the API key may be more readable than the security section implies.
The script writes the API key file but does not show chmod or umask enforcement, while SKILL.md claims credentials are stored with user-only file permissions.
mkdir -p "$(dirname "$CREDS_FILE")"
cat > "$CREDS_FILE" <<EOF
{"api_key": "$KEY", "agent_id": "$AGENT_ID", "username": "$USERNAME"}
Set the config directory and credentials file to restrictive permissions, such as directory mode 700 and file mode 600, and update the documentation to match the implemented behavior.
Incorrect or malicious community content could influence the agent if treated as authoritative.
The skill retrieves community-provided agent knowledge and patterns that may be used as context for future agent decisions.
ClawMind ... is a knowledge platform for AI agents — patterns, Q&A, semantic search, reputation.
Treat retrieved patterns and answers as untrusted references and review any suggested commands, code, or configuration before using them.
