ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Markdown Docs Full-Text Search

v1.0.2

Full-text search across structured Markdown documentation archives using SQLite FTS5. Use when you need to search large collections of Markdown articles that...

0· 402·0 current·0 all-time
by@carev01
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Markdown full‑text search) matches the included scripts and SKILL.md: indexing, FTS5 search, source URL extraction and CLI helpers. Minor naming artifacts reference 'competitor' and specific product names (e.g., Commvault) in code/comments, but this appears to be reuse of an implementation rather than a capability mismatch.
Instruction Scope
SKILL.md instructs only local operations (index a docs directory, run searches, view status/get articles). The scripts perform file I/O on the provided docs_dir, compute hashes, build/inspect a local SQLite DB, and parse text — they do not make network requests or read unrelated system files or environment variables.
Install Mechanism
No install spec is provided (instruction-only skill with included scripts). Nothing is downloaded or installed automatically by the skill; code is bundled and runs locally. This is the lowest-risk install model.
Credentials
The skill requests no environment variables, credentials, or config paths. All required inputs are user-supplied (a documentation directory and optional db path).
Persistence & Privilege
The skill is not always-enabled and does not modify other skills or system-wide agent settings. It writes a local SQLite DB (by default into the docs directory or working directory), which is appropriate for an indexing tool.
Assessment
This bundle appears to be a straightforward local Markdown indexing/search tool. Before installing/running: 1) Confirm you will point the tool at an intended docs directory — it will read all *.md files recursively and create a SQLite DB (e.g., competitor_docs.db) in or near that directory. 2) Note there are no network calls or credential requests in the code, so it does not exfiltrate secrets. 3) The included code references 'competitor' and product names in comments and _meta.json (slug/version mismatch with the registry metadata) — this is likely repurposed code and not a functional risk, but you may want to verify the source if provenance matters. 4) Ensure your Python runtime has SQLite built with FTS5; otherwise searches may fail. 5) If you run it against very large directories, expect disk and CPU usage while building the index. If you need further assurance, run the scripts in a controlled environment (a temporary directory or container) to observe behavior and output before pointing them at sensitive folders.

Like a lobster shell, security has layers — review code before you run it.

latestvk9735jg3jqprg6mvxe620errns81xb2s

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments