ClawHub

Claw SQLite Knowledge

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This appears to be a coherent knowledge-base wrapper, but users should notice its PyPI dependency install, persistent knowledge storage, and optional network/embedding integrations.

This skill looks reasonable for a local SQLite-backed knowledge base. Before installing, make sure you trust the clawsqlite PyPI package, run the documented doctor check, use a dedicated knowledge-data directory, and review any scraper, embedding, or small-LLM provider settings before ingesting private content.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

#
ASI02: Tool Misuse and Exploitation
Low
What this means

When invoked, the skill can cause the local knowledge CLI to ingest, search, show, or report on knowledge-base data.

Why it was flagged

The skill executes the installed clawsqlite CLI to perform its work. This is the stated design and uses subprocess arguments without shell interpolation.

Skill content
cmd = [sys.executable, "-m", "clawsqlite_cli", "knowledge"] + args
Recommendation

Use a dedicated knowledge root and keep ingestion/report-generation actions user-directed when handling sensitive content.

#
ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Installing the skill depends on trusting the current and future PyPI releases of clawsqlite that satisfy the version range.

Why it was flagged

The install helper pulls and upgrades the dependency from PyPI using a lower-bound version rather than a pinned hash or vendored source.

Skill content
requirement = "clawsqlite>=1.0.2" ... "pip", "install", "--upgrade", requirement
Recommendation

Install only if you trust the clawsqlite package source; consider pinning a reviewed version in controlled environments.

#
ASI06: Memory and Context Poisoning
Low
What this means

Private or untrusted content added to the knowledge base may be retrieved later and influence future agent work.

Why it was flagged

The skill is designed to persist user-provided notes or fetched articles as searchable knowledge-base content and optional embeddings.

Skill content
Optionally embed the summary (when embedding is configured) ... Store a markdown file
Recommendation

Avoid ingesting secrets or untrusted instructions as authoritative knowledge, and periodically review or clean stored records.

#
ASI07: Insecure Inter-Agent Communication
Low
What this means

URLs, fetched pages, summaries, or queries may be processed by configured external tooling or providers if the environment enables them.

Why it was flagged

The skill may rely on configured scraper or embedding components that use network access.

Skill content
permissions:
  - network  # only used indirectly via configured scraper/embedding if enabled
Recommendation

Check CLAWSQLITE scraper, embedding, and small-LLM settings before using the skill with sensitive knowledge-base content.