Skill v1.0.0

ClawScan security

Agent Knowledge Capture · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 26, 2026, 11:46 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's documentation describes a CLI that writes, moves, and deletes local files and gives an install command, but the skill bundle contains no install spec or code — that mismatch is suspicious and worth clarifying before use.
Guidance
This skill appears to document a local CLI for saving and maintaining notes, but the package contains only documentation and no executable or install spec. Before installing or enabling automation:
1) Confirm the origin. Where does 'clawhub install knowledge' download from, and is that source trustworthy? No homepage or source repository is listed.
2) Obtain the actual 'know' binary and inspect its code before running it. The SKILL.md expects it to modify files under ~/.soulshare/agent/knowledge/ and to run tidy --fix, which can remove or move files.
3) Back up your existing ~/.soulshare (and any target directories) before running auto-fix or scheduled tasks.
4) If you do not want automated modifications, avoid scheduling tidy --fix in heartbeats or cron and run maintenance manually after inspection.
5) Ask the publisher for the missing install manifest or source code. The combination of install instructions with no accompanying code is the main reason this skill is flagged as suspicious.
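The checks above, turned into a pre-install gate you can run before following the skill's own instructions. This is an added example written for this review, not ClawHub scanner code and not the skill's 'know' script. It assumes only the script path and default knowledge directory that the report quotes from the SKILL.md; the grep denylist, the backup naming and the preflight function are illustrative choices:

```shell
#!/bin/sh
# Added pre-install checks for a docs-only skill (example code for this review, not
# ClawHub's scanner or the skill's 'know' script). Assumptions: the script path and the
# default knowledge directory are the ones the SKILL.md quotes in the report; the pattern
# denylist and the backup layout are illustrative.

# Path where SKILL.md says the 'know' script should live once installed (override to test).
KNOW_SCRIPT="${KNOW_SCRIPT:-$HOME/.openclaw/skills/knowledge/scripts/know}"

# Resolve the directory 'know' would write to: KNOWLEDGE_DIR if set, else the documented
# default. The optional ~/.config/know/config file is mentioned in the report, but its
# format is not documented, so it is deliberately not parsed here.
resolve_knowledge_dir() {
    if [ -n "${KNOWLEDGE_DIR:-}" ]; then
        printf '%s\n' "$KNOWLEDGE_DIR"
    else
        printf '%s\n' "$HOME/.soulshare/agent/knowledge"
    fi
}

# Return 0 only if the script exists as a regular file and contains none of the patterns
# that would mean it fetches code over the network, escalates privilege, decodes a hidden
# payload, or deletes outside its documented directory. Hits are printed with line numbers
# so the reviewer can read them in context. (Illustrative denylist, not exhaustive.)
inspect_script() {
    script="$1"
    if [ ! -f "$script" ]; then
        echo "MISSING: $script (nothing to inspect; do not run the install blind)"
        return 2
    fi
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$script"   # record what was reviewed so a later swap is detectable
    fi
    hits=$(grep -nE \
        '(^|[^A-Za-z0-9_])(curl|wget|sudo|eval|base64|nc|ssh|scp)([^A-Za-z0-9_]|$)|rm -rf? +(/|~|\$HOME)' \
        "$script" || true)
    if [ -n "$hits" ]; then
        echo "SUSPICIOUS patterns in $script:"
        printf '%s\n' "$hits"
        return 1
    fi
    echo "OK: $script contains no denylisted patterns"
    return 0
}

# Copy the knowledge directory aside before any 'tidy --fix' run. Prints the backup path.
backup_knowledge_dir() {
    src="$1"; dest="$2"
    if [ ! -d "$src" ]; then
        echo "nothing to back up: $src does not exist"
        return 1
    fi
    mkdir -p "$dest" && cp -R "$src/." "$dest/" && printf '%s\n' "$dest"
}

# Gate: succeed only when the script passed inspection AND a backup exists. It does not
# invoke 'know tidy --fix' itself; that stays a manual step after reading the output.
preflight() {
    kdir=$(resolve_knowledge_dir)
    inspect_script "$KNOW_SCRIPT" || return 1
    backup_knowledge_dir "$kdir" "$kdir.bak-$(date +%Y%m%d%H%M%S)" || return 1
    echo "preflight passed; run '$KNOW_SCRIPT tidy --fix' manually if the tidy report looks right"
}
```

Run `preflight` after the install step has placed a script at the expected path; a missing file is reported separately from a suspicious one, because "nothing arrived" is exactly the case this report flags. The denylist is a starting point for reading the script, not a substitute for it.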

Review Dimensions

Purpose & Capability
note · Name/description (knowledge capture and retrieval) align with the instructions (commands to add/search/tidy knowledge entries). However, the SKILL.md references an install command (clawhub install knowledge) and an on-disk script (~/.openclaw/skills/knowledge/scripts/know) even though the registry entry contains no install spec or code files. That gap is an inconsistency to investigate.
Instruction Scope
note · Instructions stay within the stated domain: adding entries, searching, and maintaining a local knowledge directory. They explicitly write files under ~/.soulshare/agent/knowledge/, read an optional config at ~/.config/know/config or the env var KNOWLEDGE_DIR, and recommend running tidy --fix periodically (which can move or remove files). Those file operations are expected for this purpose but are destructive by design (auto-fix/remove), so they should be reviewed before enabling automated runs.
Install Mechanism
concern · The SKILL.md claims an installation step and a bundled script path, yet the skill package contains no install spec and no code files. Because there is no provided install mechanism or code, it is unclear where the 'know' binary comes from, what 'clawhub install knowledge' would fetch, or whether external downloads are required. This is an important inconsistency and a potential supply-chain risk if you follow the install instructions as written.
Credentials
ok · No credentials or sensitive environment variables are requested. The only environment/config references are an optional KNOWLEDGE_DIR and a config file path, which are proportional to a local knowledge-management tool.
Persistence & Privilege
note · The skill does not request always-on privilege (always: false). It recommends running periodic maintenance (heartbeats/cron), which would allow automated modification or deletion of files; if enabled, that increases risk. The skill does not request access to other skills' configs or to system-wide credentials.