Mindgraph

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: mindgraph
Version: 1.0.0

The skill bundle is classified as suspicious due to its broad file system read/write/create capabilities within the agent's workspace and the potential for vulnerabilities arising from user-controlled input. The `SKILL.md` instructs the agent to use user-provided names (e.g., for new mindskills or result subjects) in file paths, which are then processed by `scripts/mindgraph.py`. While `os.path.join` is used to construct paths, mitigating simple path traversal, an attacker could still inject slashes into the name (e.g., `mindgraph.py learn "foo/bar"`) to create arbitrary nested directory structures, potentially leading to resource exhaustion or an unexpected file system layout. This represents a vulnerability in input handling rather than clear malicious intent. Additionally, the strong behavioral instructions in `SKILL.md` constitute a form of prompt injection, though they are currently aimed at enforcing knowledge management practices rather than harmful actions.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Markdown filenames, aliases, and wikilink relationships from the workspace are stored locally in mindgraph.json and may be reused in later queries.

Why it was flagged

The script indexes all Markdown files under the workspace, creating a persistent graph from workspace content.

Skill content

for root, dirs, fnames in os.walk(WORKSPACE): ... if f.endswith('.md'): files.append(os.path.join(root, f))

Recommendation

Use it in workspaces where broad Markdown indexing is acceptable, and avoid placing sensitive private notes in indexed Markdown files unless you want them included.

What this means

A saved MindSkill can affect future agent behavior when similar requests are made.

Why it was flagged

The skill stores learned repeatable processes as files that the agent later reads and follows, which is intentional but creates persistent task guidance.

Skill content

Learning a New MindSkill ... Then write the PROCESS.md based on the user's description.

Recommendation

Review learned MindSkill PROCESS.md files before reusing them, especially if they were created from untrusted or experimental instructions.

What this means

Markdown files the agent edits may be automatically written with Obsidian-style wikilinks even when the user did not specifically ask for graph formatting.

Why it was flagged

The skill broadly changes how the agent should write Markdown files. This is consistent with the skill’s purpose, but it applies beyond explicit graph-query tasks.

Skill content

Every time you write or edit a markdown file, use `[[wikilinks]]` ... This is not optional.

Recommendation

Install only if you want wikilinks to become a default writing convention for workspace Markdown.

What this means

The skill may fail or behave differently if Python is unavailable, and the runtime requirement is not reflected in metadata.

Why it was flagged

The documentation expects a Python runtime and bundled script execution, while the registry requirements declare no required binaries.

Skill content

python3 skills/mindgraph/scripts/mindgraph.py index

Recommendation

Confirm Python 3 is available and review the bundled script before relying on the commands.