Source Library

Review

Audited by ClawScan on May 10, 2026.

Overview

This is mostly a local knowledge-base skill, but its save path appears insufficiently bounded (a user- or agent-supplied slug is joined into a directory path without visible validation), and it automatically creates persistent local records of links you share.

Install only if you want shared links to become persistent local memory. Until the slug path handling is fixed, avoid using custom slugs from untrusted input and review the generated files under life/source and data.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A crafted slug (for example one containing '..' segments, a path separator, or an absolute path) could create directories or overwrite a summary.md file outside the source library, with whatever local permissions the user running the skill has.

Why it was flagged

The save function uses data.slug directly in a path join and then writes summary.md into the resulting directory. Because SKILL.md documents a user/agent-supplied --slug option, a slug containing path traversal segments could escape the intended life/source directory unless validation exists in code that was not visible to the scan.

Skill content
const slug = data.slug || slugify(name);
const sourceDir = path.join(SOURCES_DIR, slug);
ensureDir(sourceDir);
...
fs.writeFileSync(summaryPath, content);
Recommendation

Reject absolute paths, '..', and path separators in slugs; slugify all supplied slugs; resolve the final path and verify it stays inside SOURCES_DIR before creating or writing files.

What this means

Links, summaries, decisions, and context from chats may remain available in future sessions through the local source library.

Why it was flagged

The skill intentionally creates persistent local memory from shared links and associated context. This is core to the purpose, but users should understand that private or sensitive URLs may be retained.

Skill content
A persistent, searchable knowledge base built from everything the user shares... When the user shares **any URL**, without being asked:
Recommendation

Add user-visible controls for confirmation, exclusions, deletion, and retention, and avoid sharing secret or private URLs if you do not want them stored.

What this means

Running the included tests only executes the local CLI script, but because the arguments are interpolated into a shell command string, any test argument that is modified or comes from an untrusted source could inject shell commands.

Why it was flagged

The shell execution is in the test harness and runs the local CLI with test-controlled arguments through execSync, which hands the whole string to a shell. It is not shown as part of normal skill operation, but shell execution is sensitive if those arguments ever become untrusted.

Skill content
const { execSync } = require('child_process');
return execSync(`node "${SCRIPT}" ${args}`, {
Recommendation

Use spawnSync or execFileSync with an argument array instead of shell-string execSync, so that no shell parses the arguments and each one reaches the CLI as a single argv entry.

What this means

Users or installers may not be warned ahead of time that Node.js (18 or newer, per SKILL.md) is required to run the skill.

Why it was flagged

The skill depends on Node.js, while the registry requirements state no required binaries and no install spec. This is an under-declared setup requirement, not evidence of malicious behavior.

Skill content
Requires Node.js 18+. Uses local markdown search for retrieval. No API keys needed. No external dependencies.
Recommendation

Declare Node.js as a required binary/version in metadata and keep SKILL.md, package.json, and registry versions aligned.