Llmwiki
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a coherent personal knowledge-base skill, but it installs an external package, may send selected documents to your configured LLM API, and optionally exposes agent/server and autonomous-worker features.
This skill appears purpose-aligned rather than suspicious. Before installing, verify the PyPI/GitHub package, use a dedicated LLM API key, ingest only documents you are comfortable sending to your configured LLM endpoint, and keep the optional HTTP/MCP server and autonomous worker limited to trusted local use.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the package will run, and later execute, code that was not present in this review bundle.
The skill directs installation of an external PyPI package, while the provided artifact set contains only SKILL.md and no package code for review.
install: "pip install llmwiki"
Install from a trusted environment, verify the PyPI/GitHub source, and consider pinning the expected version before use.
Your LLM API key may be used to process documents you ingest and could incur provider charges.
The skill requires a user-supplied LLM provider credential, which is expected for this purpose but grants access to model usage and possibly billing.
LLMBASE_API_KEY ... "API key for any OpenAI-compatible LLM endpoint (user-supplied)"
Use a dedicated, least-privilege API key with spending limits where possible, and only configure endpoints you trust with your documents.
Private files you choose to ingest may become persistent, searchable wiki content and may be sent to the configured LLM API during processing.
The skill can ingest broad local document sets into a persistent knowledge base and later use that material for search, compilation, and answers.
`llmbase ingest dir <dir>` | Ingest all files from a directory
Ingest only intended directories, exclude sensitive files, and review generated wiki content before relying on it or exposing it to other agents.
If exposed to untrusted clients, agents could search, export, ingest into, or modify the knowledge base through these interfaces.
The skill optionally exposes the knowledge base through agent-facing HTTP and MCP interfaces; the artifact does not detail access controls or client trust boundaries.
`llmbase serve` | Agent HTTP API at :5556 ... `llmbase mcp` | Start MCP server (stdio)
Run the HTTP/MCP services only for trusted local clients, restrict network exposure, and review tool permissions in the client that mounts the server.
An attached agent could add or alter knowledge-base content if you allow it to call these tools.
Agent-facing tools can mutate the local knowledge base by ingesting, compiling, and healing content. This is aligned with the skill purpose but should be user-controlled.
Agents mounted on this server can ... ingest new material mid-session, and trigger healing.
Use agent approval prompts for ingest, compile, lint/heal, and export actions, especially when working with sensitive or important notes.
If enabled, the worker may continue changing the knowledge base after the initial setup without a command for each individual update.
The skill documents an opt-in worker that can keep learning, compiling, and running health checks on a schedule.
Autonomous mode (deploy once, server keeps learning)
Enable autonomous mode only intentionally, keep its config scoped, and periodically review what it fetched or changed.
