Skillv1.0.0

ClawScan security

Local Vector Store · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 19, 2026, 2:57 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's code and instructions largely match its stated purpose (a local vector store), but there are safety concerns: it writes and deletes files under a configurable path without safeguards and the README example is slightly inconsistent with the provided file layout.
Guidance: This skill appears to implement exactly what it claims (a local vector index) and does not request credentials or network access, but it has dangerous file operations that you should review before installing. Specifically: do not set STORE_PATH to system or important directories; prefer running in a sandbox or container with limited filesystem permissions; review the code paths for delete() and clear() (they delete all files in STORE_PATH) and consider hardening (validate IDs, restrict to a dedicated subdirectory, only remove *.json files, or require confirmation). Also verify the usage example matches your installation path (the example require path may not match index.js). If you cannot review or sandbox the code, treat this as higher risk.

Review Dimensions

Purpose & Capability: okName, description, SKILL.md, and code align: the module implements local vector generation, indexing, search, batch operations, persistence to a local storePath, and configuration via environment variables. There are no network calls or unrelated dependencies requested.
Instruction Scope: noteSKILL.md stays within the feature set (index, batch, search, env config). It only references configuration env vars declared in the README (VECTOR_DIMENSION, STORE_PATH, SIMILARITY_THRESHOLD). Minor inconsistency: example shows require('./local-vector-store') while the repository provides index.js at the root — this may be a usage/documentation mismatch but not a direct security issue.
Install Mechanism: okNo install spec or external downloads; the skill is instruction-only with included source files. Nothing is fetched from third-party URLs or package registries during install.
Credentials: okNo credentials or sensitive environment variables are requested. The only env vars are configuration (dimension, store path, threshold), which are proportionate to the claimed functionality.
Persistence & Privilege: concernThe code persists documents to a file path and exposes delete() and clear() that synchronously unlink files in the configured STORE_PATH without validation. If STORE_PATH is misconfigured (e.g., set to / or another important directory), clear() will attempt to delete all files in that directory. There are no safeguards against path traversal in document IDs or checks to limit deletions to a safe subdirectory or filename pattern.