Gno
PassAudited by VirusTotal on May 13, 2026.
Overview
Type: OpenClaw Skill Name: gno Version: 1.2.0 The 'gno' skill bundle provides a comprehensive interface for a local semantic search and knowledge management engine. It follows security best practices by restricting the agent's execution environment to a specific command prefix (Bash(gno:*)) and provides clear, well-documented instructions for indexing, searching, and retrieving local documents. While it includes features for modifying AI client configurations (gno mcp install) and exporting data (gno publish export), these are explicitly stated features aligned with its purpose as a RAG (Retrieval-Augmented Generation) tool, and no evidence of malicious intent or prompt injection was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If approved too broadly, the agent could change the local Gno index, tags, context, or integrations while performing document-search tasks.
The agent can invoke any `gno` subcommand, not just read-only searches. The documented command set includes indexing, tagging, cleanup/reset, MCP setup, publishing export, and skill installation, so users should treat Gno CLI calls as potentially mutating even though this is disclosed and aligned with the skill’s purpose.
allowed-tools: Bash(gno:*) Read
Use the skill for specific user-requested Gno tasks, review commands that install integrations, reset/cleanup data, modify tags/context, or publish/export content, and avoid blanket approval of high-impact commands.
Installing or updating the external Gno CLI gives that software local execution access on the host.
The skill depends on an externally installed CLI, including a remote shell installer and global package installation. This is normal for a CLI-driven skill, but the executable behavior is outside the provided artifact scan.
curl -fsSL https://gno.sh/install | bash # npm / Bun bun add -g @gmickel/gno # or: npm install -g @gmickel/gno
Install Gno only from trusted upstream sources, verify the package or installer before running it, and keep the CLI updated from the same trusted channel.
Sensitive local documents may become searchable by the agent, and stored context hints could bias future search results or answers.
Gno can index broad file patterns and store context hints that influence later search relevance. This is central to a local knowledge engine, but it means private documents and persistent retrieval hints can be reused across later tasks.
`--pattern <glob>` File pattern (default: `**/*`) ... `--exclude <paths>` Exclude patterns (default: `.git,node_modules`) ... `gno context add <scope> "<text>"`
Index only intended folders, use include/exclude patterns for secrets and private data, periodically review collections/context, and remove or reset indexes that should no longer be available.
After MCP installation, future AI sessions may continue to have Gno access until the MCP configuration is removed, and write-enabled mode may allow modifications through the MCP interface.
The skill documents installing Gno as an MCP server in AI client configurations, optionally with write tools. This is disclosed integration behavior, but it creates a persistent path for AI clients to access or modify Gno-managed data.
gno mcp install gno mcp install -t claude-code # With write tools enabled gno mcp install --enable-write
Install MCP only when needed, avoid `--enable-write` unless you specifically require it, check status after installation, and uninstall the MCP server when persistent access is no longer desired.