ClawHub

Personal Knowledge Base Lite

v1.0.0

Local file knowledge base with LLM-powered indexing and Q&A. Scans a directory for documents (.txt, .md, .pdf, .docx, .xlsx, .csv), extracts metadata (summar...

1· 135·0 current·0 all-time
by@congshengwu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (local KB, indexing PDFs/DOCX/XLSX/CSV/md/txt) aligns with required binaries (python3) and the listed Python packages (pdfplumber, python-docx, openpyxl) which are appropriate for parsing those formats. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
Instructions explicitly read/write .kb-config.json and .kb-meta.json and scan a user-provided WATCH_DIR using find/stat/wc; this is appropriate for indexing. However, because the tool asks the user for an absolute path and will operate on any path provided, the user must avoid pointing it at sensitive system or home directories. There are no instructions to transmit data externally, but the agent’s Read/Write tools and LLM summarization will access file contents.
Install Mechanism
The install entries list pdfplumber, python-docx, and openpyxl — reasonable for the stated task and typically obtained from PyPI. The install kind is labeled 'uv', which is nonstandard/ambiguous in this manifest (not a well-known installer name like 'pip' or a direct GitHub release); clarify the install mechanism before installing so you know what will be fetched and executed.
Credentials
The skill requests no environment variables, credentials, or external tokens. It only reads/writes local config and metadata files in the working directory and WATCH_DIR, which is proportionate to a local KB.
Persistence & Privilege
The skill is not marked always:true and does not request system-wide changes or other skills' configurations. It writes its own .kb-config.json/.kb-meta.json only. Autonomous invocation is allowed by default (normal for skills) but not otherwise elevated.
Assessment
This skill appears to do what it says: build a local index and answer questions from files. Before installing: - Do not point WATCH_DIR to system folders, your home directory, or any location containing secrets; create a dedicated directory with only the documents you want indexed. - Confirm what the installer 'uv' actually does (ask the publisher or registry) and prefer installing known packages via pip from PyPI or in a virtual environment. Review package sources/version and hashes if possible. - Run the skill in a sandboxed environment or VM first so indexing/writes can't affect important files. - Be aware the agent will read file contents to generate summaries — treat that as sensitive access and restrict who can invoke the skill. If you need stricter guarantees (no accidental data reads), require manual invocation and review the config before running. - If the registry/homepage/author is unknown, ask the publisher for provenance or source code before granting any automated install rights.

Like a lobster shell, security has layers — review code before you run it.

latestvk972q7d3nbmhrvn1d3vv92eb3h83e6y3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📚 Clawdis
Binspython3

Install

uvuv tool install pdfplumber
uvuv tool install python-docx
uvuv tool install openpyxl

Comments