Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Worldbook

v0.1.0

AI's Knowledge Base CLI - Query and manage world knowledge for AI agents. Use when users want to search knowledge, add knowledge sources, or interact with th...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
The skill is marketed as a CLI-first knowledge-base (worldbook) but the registry metadata declares no required binaries or install steps. SKILL.md assumes a worldbook CLI exists (and shows pip/npm/git install commands). Not declaring the CLI binary or an install spec in the skill metadata is an incoherence: either the skill should include/declare the CLI or it should be explicit that the skill is instruction-only and won't function without a separately installed package.
! Instruction Scope
Runtime instructions tell agents to run 'worldbook get' and to 'inject' returned text into context. That means the agent will fetch and absorb arbitrary external instructions/text; the SKILL.md also recommends installing packages from PyPI/npm or cloning a GitHub repo. These steps can cause an agent to fetch and execute untrusted code or to incorporate unvetted instructions that could lead to undesired actions. The instructions do not include safety constraints or validation steps for external worldbook content.
! Install Mechanism
There is no install spec in the skill metadata, but SKILL.md recommends installing 'worldbook' via pip, npm, or a git clone (https://github.com/femto/worldbook-cli). Suggesting package installs from public registries is common, but because the skill metadata omitted this dependency, it's not clear whether the platform or the user is expected to vet or sandbox those installs. Installing third-party CLI packages can execute arbitrary code on the host — the skill gives direct install commands without provenance/verification guidance.
Credentials
The skill declares no required environment variables, credentials, or config paths. There are no mismatched or excessive secret requests in the metadata or SKILL.md.
Persistence & Privilege
The skill does not request always:true or other elevated persistence. It uses default autonomous-invocation behavior (normal). The skill does not declare changes to other skills or system-wide config.
What to consider before installing
This skill is plausible for its stated purpose but has two practical risks you should consider before installing/using it:

(1) The SKILL.md assumes and recommends installing a third-party 'worldbook' CLI from PyPI/npm/GitHub, yet the skill metadata doesn't declare that dependency. Verify the package and repository (author, release history, source code) before running any install.
(2) The skill instructs agents to fetch external 'worldbook' documents and inject them into agent context; treat such external instructions as untrusted input.

If you deploy this skill, restrict the agent from auto-installing packages or auto-executing fetched instructions, run installs in a sandbox, review worldbook content before injection, and prefer pinned package versions or vetted sources. If you want to proceed, ask the publisher for the official package name, repository verification (checksums/signatures), and a declared required-binary/install spec in the metadata to remove the coherence gap.
