Back to skill

Security audit

Claw SQLite Knowledge

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed wrapper for installing and using a pinned local knowledge-base CLI, with no evidence of hidden or malicious behavior in the artifacts.

Install only if you want a local persistent knowledge base. Avoid ingesting sensitive text or private URLs unless you intend them to be stored in the configured knowledge instance, and review the pinned PyPI dependency/update path as you would for any CLI package.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
70% confidence
Finding
Without declared permissions the skill's intent is opaque and cannot be validated.

Missing User Warnings

Low
Confidence
88% confidence
Finding
This markdown file includes example commands for ingesting URLs and free text into a knowledge instance, and nearby text explains that the instance home lives under persistent workspace data. However, the usage section does not give a user-facing warning that supplied content and metadata will be written to persistent local storage, which could affect privacy or user data handling.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script deletes the local dependency target with rm -rf and then runs pip install, which modifies the filesystem and may download packages from the network. While there are error messages later in the script, there is no prior user-facing disclosure, confirmation, or comment warning that running this script will remove and recreate local dependencies.

Missing User Warnings

Low
Confidence
79% confidence
Finding
The script chmods and invokes the local clawsqlite wrapper to validate execution and display subcommand help. This is subprocess execution in a code file, but there is no explicit comment or user-facing disclosure that the script will run the bundled CLI during bootstrap.

VirusTotal

51/51 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.