Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
maple-structured-storage
v1.0.0结构化知识归档、索引、检索与反思补全。将周报、笔记、知识文档自动拆解为标准化主题目录结构,维护全量索引,支持快速检索与信息缺失追问。TRIGGER: 归档/存储/记录/保存周报笔记文档, 追加更新知识, 索引生成刷新更新, 结构化检索读取查询, 反思补充补全缺失信息, 结构化记忆, 结构化存储, 结构化总结, k...
⭐ 0· 55·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description match what the SKILL.md specifies: breaking unstructured notes into topic folders, maintaining an index, supporting retrieval and reflective questions. Required resources (none) are proportionate to this purpose.
Instruction Scope
The instructions read, copy, write and move arbitrary files on the user's filesystem (source_path → storage_path, source_path/done). On first run the skill prompts for paths, but on subsequent runs it will read the stored .knowledge-config.json and may automatically traverse and process files. There are no explicit safeguards described (e.g., per-file confirmation, whitelist/blacklist of paths, or exclusion of system folders). This gives the skill broad discretion to access and relocate local files, which is coherent with the feature but risky if misconfigured.
Install Mechanism
Instruction-only skill with no install spec and no code files to run — minimal installer risk. Nothing is downloaded or written by an install step.
Credentials
The skill requests no environment variables, credentials, or external endpoints. It only uses local path configuration stored in .knowledge-config.json inside the skill directory, which is proportionate to a local archiving/indexing utility.
Persistence & Privilege
always:false (no forced global inclusion). Autonomous invocation is enabled by default (platform default), which means the agent could run the skill without an explicit user command in multi-step/autonomous flows — combined with the skill's ability to process files automatically this increases the blast radius if the agent has access to sensitive folders.
What to consider before installing
Before installing or enabling this skill: 1) Understand and control the source_path you provide — do not point it at system directories, home directory, or folders that may contain secrets. 2) Back up important files; the skill moves processed files to source_path/done, so misconfiguration can hide or relocate originals. 3) Inspect the created .knowledge-config.json (stored in the skill directory) so you know what will be processed on later runs. 4) Prefer manual invocation or require per-file confirmation if you have sensitive data; if the platform allows, disable autonomous invocation for this skill. 5) Be aware the skill preserves raw content (including API keys or server addresses found in meta/code files) — avoid archiving credentials, or ensure sensitive files are excluded. 6) If you need stronger guarantees, request the skill include explicit whitelist/blacklist rules, per-file confirmation prompts, and an option to keep originals instead of moving them.Like a lobster shell, security has layers — review code before you run it.
latestvk97a0wnvkm0gtkssze0vme22z584c9t1
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🧠 Clawdis