ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

业务运营问答助手

v0.0.1

Build and query a FAQ knowledge base from markdown files. Use when asked to create a FAQ bot, set up automatic answers, build a knowledge base, add FAQ entri...

2· 317·0 current·0 all-time
byBING@imbing
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, README, SKILL.md, and the included script all align: a local FAQ builder/searcher. No unrelated binaries, cloud credentials, or external services are requested.
Instruction Scope
SKILL.md instructs the agent to run the included CLI commands (init, add, import, search, list, export, remove, stats). The instructions and code operate on user-supplied markdown and a local knowledge-base file; they do not instruct reading unrelated system-wide secrets or sending data to external endpoints.
Install Mechanism
There is no install spec and no network download/install steps. The skill is instruction-only with a bundled pure-Python script (standard library only), so nothing is fetched from remote URLs during install.
Credentials
The skill declares no required environment variables or credentials (correct). The code does read an optional FAQ_BOT_DIR env var to override the default storage path (~/.faq-bot); this is harmless but is not listed in requires.env — a small documentation inconsistency.
Persistence & Privilege
always:false and user-invocable: normal. The script stores data in the user's home directory (~/.faq-bot) by default and can write export files where the user specifies; it does not modify other skills or system-wide agent configuration.
Assessment
This skill appears to do exactly what it says: create and search a local FAQ built from markdown. It stores data by default in ~/.faq-bot (overridable via FAQ_BOT_DIR), reads any markdown file you pass to the import command, and does not call external services or require credentials. Before installing or running: review the included scripts if you want to audit behavior; be aware it will create files under your home directory and will write export files to paths you provide; if you don't trust the publisher, run it in a sandbox or isolated account. Also note the README/code refer to an optional FAQ_BOT_DIR env var that isn't listed in the skill metadata — this is benign but worth knowing.

Like a lobster shell, security has layers — review code before you run it.

latestvk977xy6bxmyyn3n59dh2cxjked825wbf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments