Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Meta Knowledge Base

v1.0.0

AI-powered knowledge base builder that automatically captures, organizes, and retrieves information. Learns from conversations, documents, and interactions t...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name and description (self-building KB, RAG, semantic search) align with the provided code (KnowledgeBase, vector store, graph, add/search/ask). However, SKILL.md advertises capabilities (real embedding models, web scraping, file-watch, email parsing, continuous background learning) that are only stubbed or simplified in the code: embeddings are generated by a local hash/random function, add_from_url does not fetch remote content (it stores a placeholder string), and file-watch, web scraping and email parsing are described but not implemented or incomplete. The README also instructs users to pip install heavy libraries (faiss-cpu, sentence-transformers) while the code does not import or use them, a disproportionate dependency request relative to the shipped code.
Instruction Scope
SKILL.md encourages 'auto-capture' from conversations, documents, web pages and shows an integration snippet hooking into after_message to call kb.add(...) — that implies automatic ingestion of user conversations and files. The code writes all captured content to disk under ~/.meta_knowledge/<name> and will index any content passed to add/add_from_file. While this behavior is coherent for a KB, it means sensitive messages/files could be stored locally automatically. The instructions are permissive (hooks and 'implicit learning') without explicit guidance about filtering, consent, or redaction. This raises privacy risk if installed without restricting what is auto-captured.
Install Mechanism
There is no formal install spec in the package; SKILL.md recommends running 'pip install numpy faiss-cpu sentence-transformers'. Those are heavy, platform-sensitive packages (faiss-cpu in particular can be problematic on some OSes). The included code does not import or use sentence-transformers or faiss; embeddings are produced locally with a hash/random fallback. Requiring these dependencies in docs but not using them is an inconsistency and may lead users to install unnecessary large packages.
Credentials
The skill requests no environment variables, no external credentials, and no config paths beyond writing into a user directory (~/.meta_knowledge/<name>). That is proportionate to a local knowledge-base. Note: while no network credentials are requested, the documentation suggests web scraping and message hooks; if you enable such hooks in a larger system, the skill will have access to whatever conversation or file data the host supplies — so restrict what is passed to it.
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills/configs. It persists data to a local path in the user's home directory and manages its own files, which is expected for a KB. Autonomous invocation is permitted by default (not flagged here) but should be considered together with the auto-capture guidance.
What to consider before installing
This appears to be a local KB prototype rather than a production-ready ingestion agent. Before installing or enabling auto-capture:
1) Review and test the Python file in a sandbox — the code writes everything passed to add()/add_from_file() into ~/.meta_knowledge/<name>/*.json.
2) Do not enable automatic hooks (after_message, file-watch, email parsing) without auditing what data will be sent; they can cause sensitive messages/files to be stored.
3) You do not need to blindly run the pip install line: the code as shipped uses a local dummy embedding generator; installing faiss-cpu and sentence-transformers is optional and heavy — only install them if you plan to replace the stubbed embedding function with a real model and understand platform implications.
4) If you intend to use remote fetching (add_from_url) or real embeddings, inspect and modify those methods to ensure safe network behavior and to add rate-limiting, timeouts, and explicit consent.
5) If you want a production deployment, request or implement explicit filters, redaction, and access controls so the KB does not capture secrets automatically.

Like a lobster shell, security has layers — review code before you run it.
