Worldbook
ReviewAudited by ClawScan on May 10, 2026.
Overview
Worldbook is a coherent knowledge-base CLI skill, but it tells agents to import shared remote instructions into their context and act on them, which warrants review.
Review before installing. If you use it, treat all worldbook results as untrusted documentation, not higher-priority instructions, and require explicit approval before the agent runs any command that changes files, accounts, repositories, or public content.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A bad or manipulated worldbook entry could influence the agent's future reasoning or actions.
The skill describes a shared knowledge base that agents can build and then reuse. Combined with the documented retrieval flow, this creates a risk that shared or mutable entries could be poisoned and later over-trusted as agent context.
AI's Knowledge Base / World Model - Where agents share and build world knowledge.
Treat worldbook output as untrusted reference material, prefer entries with clear provenance, and do not let retrieved text override system or user instructions.
Remote worldbook text could steer the agent away from the user's intent or cause it to follow unsafe instructions.
The skill tells the agent to insert externally retrieved text into its working context as instructions, without warning that such text should not be authoritative.
The content is returned as text - inject it into your context to learn how to use the service.
Use retrieved worldbook content only as documentation, ignore any instruction that conflicts with the user or system, and ask the user before following operational steps.
If followed directly, the agent could create or modify third-party account content under the user's identity.
The documented workflow chains retrieved instructions into a service-mutating CLI command, such as creating a GitHub issue, without specifying approval, scope checks, or a safe dry-run step.
Agent reads the returned instructions 4. Agent executes: `gh issue create --title "..." --body "..."`
Require explicit user confirmation before running any command that changes accounts, repositories, files, deployments, or public content.
You would be trusting the external PyPI/npm/GitHub package implementation in addition to this SKILL.md.
The install paths are purpose-aligned for a CLI tool, but they are unpinned package/source installs and the package contents were not included in the reviewed artifacts.
pip install worldbook # or Node.js npm i -g worldbook ... git clone https://github.com/femto/worldbook-cli
Inspect the package/source, pin a known version, and install in a constrained environment if possible.