ClawHub

AI Customer Service KB Builder

PassAudited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill Name: ai-customer-service Version: 1.0.0 The `ai-customer-service` skill, while appearing benign in its stated purpose, contains significant vulnerabilities in its `kb-builder.js` script. It is susceptible to path traversal due to direct use of user-provided file paths for read/write operations (e.g., `--file`, `--output`, `--kb` arguments to `fs.readFileSync` and `fs.writeFileSync`). Furthermore, the `scrapeFromURL` function fetches content from arbitrary URLs without validation, posing a Server-Side Request Forgery (SSRF) risk. These vulnerabilities could be exploited to access or modify local files outside the skill's intended scope or interact with internal network services, classifying the skill as suspicious.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Note
ASI02: Tool Misuse and Exploitation
What this means

If given the wrong inputs, it could read a sensitive local document, contact an unintended website, or overwrite an output file.

Why it was flagged

The CLI reads a user-specified file, fetches a user-specified URL, and writes to a user-specified output path. This is expected for a KB builder, but users should ensure the paths and URLs are intentional.

Skill content
const content = fs.readFileSync(filePath, 'utf8'); ... client.get(url, (res) => { ... }); ... fs.writeFileSync(outputPath, JSON.stringify(kb, null, 2), 'utf8');
Recommendation

Use explicit trusted file paths and URLs, verify you are allowed to scrape the target site, and choose output paths that will not overwrite important files.

Note
ASI06: Memory and Context Poisoning
What this means

Incorrect, outdated, or manipulated FAQ content could be stored and later used to answer customers incorrectly.

Why it was flagged

The skill turns document or website content into a persistent knowledge base that may later influence automated customer replies. That is purpose-aligned, but the source content should be reviewed before reuse.

Skill content
Input FAQ documents or website URLs to automatically generate a knowledge base and configure auto-reply capabilities.
Recommendation

Review and edit the generated knowledge base before deploying it in any customer-facing automation, and prefer trusted source documents or websites.