LLM-WikiMind MCP Setup

Security checks across malware telemetry and agentic risk

Overview

This skill is a plain setup guide for a local knowledge-base MCP server. The usual cautions apply: it installs external code, gives the server access to local notes, and optionally runs a background sync watcher.

Install only if you trust the linked repository and the qmd dependency. Choose a narrow wiki folder, avoid adopting broad or sensitive note directories unless that is your intent, and enable the ~/.zshrc autostart only if you want the watcher to run automatically in future shell sessions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Severity: Medium
Confidence: 88%
Finding
The trigger phrases are broad enough to match ordinary requests about setting up a personal knowledge base, which can cause the skill to activate in contexts where the user did not explicitly request this specific repository or workflow. Because the skill performs installation and configuration steps, overbroad activation increases the chance of unintended repo cloning, package installation, and local system changes.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The instructions direct the agent/user to modify persistent configuration and startup behavior, including MCP client configuration and shell startup via ~/.zshrc, without clear warnings or explicit consent checkpoints. This is dangerous because it can create lasting system changes, background execution, and automatic future behavior that outlives the current task, surprising users and expanding the blast radius of a mistaken install.
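The two findings above can be reproduced with a small static check over a skill's instructions: flag a trigger description that is generic and never names the project, and flag edits to persistent surfaces (shell startup files, MCP client config, schedulers) that are not paired with a consent checkpoint. The script below is an added example written for this page; it is not SkillSpector's detector and not part of LLM-WikiMind. It assumes the skill's trigger is the `description:` field of a SKILL.md-style frontmatter block, and both skill texts, the repository URL and the config path in them are constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# Constructed sample skill text (an assumption, not the real LLM-WikiMind
# SKILL.md). The repository URL, package name and config path are made up.
SAMPLE_SKILL = """\
---
name: knowledge-base-setup
description: Use when the user wants to set up a personal knowledge base, notes, or a wiki.
---
1. git clone https://example.invalid/llm-wikimind && cd llm-wikimind
2. npm install -g qmd
3. Add the server to ~/.claude/claude_desktop_config.json under "mcpServers".
4. Optional: echo 'wikimind-watch &' >> ~/.zshrc so the watcher starts in every shell.
"""

# The same procedure with a narrow trigger and explicit consent checkpoints
# (also constructed, to show what passes the checks).
HARDENED_SKILL = """\
---
name: llm-wikimind-setup
description: Use only when the user explicitly asks to install the LLM-WikiMind MCP server.
---
1. git clone https://example.invalid/llm-wikimind && cd llm-wikimind
2. npm install -g qmd
3. Ask the user to confirm before editing ~/.claude/claude_desktop_config.json.
4. Do not touch ~/.zshrc unless the user asks for autostart; confirm first.
"""

# Surfaces whose modification outlives the current task.
PERSISTENCE_PATTERNS = {
    "shell startup file": r"~/\.(?:zshrc|zprofile|bashrc|bash_profile|profile)\b",
    "MCP client config": r"(?:claude_desktop_config|mcp)\.json\b|\bmcpServers\b",
    "scheduler/daemon": r"\b(?:crontab|launchctl|systemctl\s+enable|LaunchAgents)\b",
}

# Steps that pull and run external code on the local machine.
INSTALL_PATTERNS = {
    "repository clone": r"\bgit\s+clone\b",
    "global package install": r"\b(?:npm\s+i(?:nstall)?\s+-g|pip3?\s+install|brew\s+install)\b|curl\b[^\n]*\|\s*(?:ba|z)?sh\b",
}

# Crude consent detector: a phrase such as "ask the user to confirm before ..."
CONSENT_RE = re.compile(
    r"\b(?:ask|asks|confirm|consent|permission)\b.{0,80}?\b(?:before|first)\b",
    re.I | re.S,
)

# Terms that match ordinary knowledge-base requests rather than this project.
GENERIC_TRIGGER_TERMS = ("knowledge base", "notes", "wiki", "set up", "setup", "second brain")


@dataclass
class Finding:
    kind: str
    severity: str
    evidence: list = field(default_factory=list)


def parse_description(text: str) -> str:
    """Return the frontmatter description, which acts as the trigger phrase."""
    m = re.search(r"^description:\s*(.+)$", text, re.M)
    return m.group(1).strip() if m else ""


def scan_skill(text: str, project_names=("LLM-WikiMind",)) -> list:
    findings = []
    persistence, installs = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        for label, pat in PERSISTENCE_PATTERNS.items():
            if re.search(pat, line, re.I):
                persistence.append((lineno, label))
        for label, pat in INSTALL_PATTERNS.items():
            if re.search(pat, line, re.I):
                installs.append((lineno, label))

    # Vague trigger: generic wording and no mention of the specific project.
    # Severity rises when the skill also installs code on activation.
    desc = parse_description(text)
    generic = [t for t in GENERIC_TRIGGER_TERMS if re.search(rf"\b{re.escape(t)}\b", desc, re.I)]
    names_project = any(re.search(re.escape(n), desc, re.I) for n in project_names)
    if len(generic) >= 2 and not names_project:
        evidence = generic + [f"install step at line {n}" for n, _ in installs]
        findings.append(Finding("vague_trigger", "medium" if installs else "low", evidence))

    # Missing user warnings: persistent changes with no consent checkpoint anywhere.
    if persistence and not CONSENT_RE.search(text):
        findings.append(Finding("missing_user_warnings", "medium", persistence))
    return findings


if __name__ == "__main__":
    for name, skill in (("sample", SAMPLE_SKILL), ("hardened", HARDENED_SKILL)):
        print(name, [(f.kind, f.severity, f.evidence) for f in scan_skill(skill)])
```

The consent check is deliberately coarse: it only asks whether the instructions contain any "ask/confirm before" language, so a skill that mentions consent once and then edits ~/.zshrc ten lines later still passes. Treat a clean result as the absence of an obvious problem, not as proof of one.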

VirusTotal

66/66 vendors flagged this skill as clean.
