Boof
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
Boof is mostly aligned with local document processing, but its script has unsafe path handling and may index more local markdown content than the user selected.
Use caution before installing. The skill appears intended for local document conversion and RAG, not credential theft or cloud exfiltration, but it should be patched before handling untrusted filenames. Use clean per-document output directories, verify the external dependencies, and remember that indexed document chunks may later be provided to the LLM.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A maliciously named local document or a crafted output path could cause the skill to run unintended Python code when converting the file.
The here-doc is not quoted, so Bash substitutes the user-controlled input file and output directory directly into Python source. Crafted paths containing quotes or newlines could alter the Python code executed under the user's account.
"$ODL_PYTHON" - 2>&1 <<PYEOF ... input_path=["$INPUT_FILE"], ... output_dir="$OUTPUT_DIR/",
Avoid processing untrusted filenames or paths until patched. Pass paths to Python via argv or environment variables, use a quoted here-doc, and JSON-escape or otherwise validate path values before use.
Queries intended for one document may retrieve chunks from other local documents, and those chunks may then be sent to the LLM during analysis.
The QMD collection is built from the whole output directory with a '*.md' mask, not only from the newly converted markdown file. In the shared default directory, prior converted documents can be included in a new collection.
DEFAULT_OUTPUT_DIR="${BOOF_OUTPUT_DIR:-$HOME/.openclaw/workspace/knowledge/boofed}" ... "$QMD_BIN" collection add "$(dirname "$MD_FILE")" --name "$COLLECTION" --mask "*.md"
Index only the generated markdown file or use a separate per-document/per-collection output directory. Clearly document retention, deletion, and collection boundaries.
Future upstream changes or a compromised dependency could change what code or models run locally.
Setup relies on unpinned external package/source installs and later model downloads. This is expected for the stated local conversion/RAG purpose, but provenance and versions are not fixed.
~/.openclaw/tools/odl-env/bin/pip install -U opendataloader-pdf ... bun install -g https://github.com/tobi/qmd ... QMD downloads embedding and reranker models (~1–2GB total) on first query.
Pin package versions or commits, prefer checksums/lockfiles, and verify the upstream projects before installing.
