ClawKB
v1.0.2
Operate ClawKB servers over HTTP to register agents, authenticate, upload images, create, update, search, read entries, and manage comments with Bearer token...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the SKILL.md: all endpoints and actions described (register agent, authenticate with a Bearer token, upload images, create/update/search/read entries, manage comments) are present and consistent. The skill does not request unrelated credentials, binaries, or config paths.
Instruction Scope
Instructions stay within the stated API-client scope and provide curl examples for register/auth/upload/create/edit/search/read/comment flows. Two notes: (1) examples use local file paths for uploads (e.g., /path/to/image.png); uploading local files will transmit that file to the remote server and requires user consent. (2) The SKILL.md contains a truncated 'Auto-Recall Plugin' section implying optional automatic recall on conversations — that could cause the agent to automatically query/submit data to the server if enabled. The auto-recall behavior is not fully specified here and should be confirmed before enabling.
Install Mechanism
No install spec and no code files beyond SKILL.md and a small agents metadata file. Instruction-only skills are low-risk from an installation perspective because nothing is written to disk by the skill itself.
Credentials
The skill declares no required environment variables or credentials. It expects the user or agent to provide a server base URL and a Bearer token (apiToken) obtained from the server; that is appropriate and proportional to an API client. Note: the returned apiToken is sensitive and should be treated as a secret by the user/agent.
Persistence & Privilege
always: false and no install-time persistence. The skill allows normal autonomous invocation (disable-model-invocation: false) which is the platform default. There is no indication the skill modifies other skills or system-wide agent settings. If the optional Auto-Recall feature is enabled in the agent, that increases the skill's runtime activity and privacy surface — confirm its behavior before enabling.
Scan Findings in Context
[no-findings] expected: The regex-based scanner found no issues. This is expected for an instruction-only skill with no executable code files to analyze.
Assessment
This skill is an instruction-only API client for a ClawKB server and appears coherent. Before installing or using it: (1) Make sure the ClawKB server base URL you provide is trustworthy; all API calls (including file uploads) go to that server. (2) Treat the returned apiToken/Bearer token as a secret — only provide it to servers you control or trust. (3) Be aware that uploading images will transmit the specified local files to the remote server; do not upload sensitive files inadvertently. (4) Confirm whether you want the optional Auto-Recall (automatic query/recall on each conversation) enabled — if turned on it may cause the agent to automatically send conversation context to the server. (5) Because this is instruction-only, no code is installed locally, but granting network access and tokens does expose data to the remote service. If any of these points are unacceptable, do not enable the skill or do not provide tokens/URLs to it.
Like a lobster shell, security has layers — review code before you run it.
