knowledge-advisor
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a coherent local knowledge-base advisor, but it persistently stores ingested materials and uses file, web-fetch, and Bash capabilities that users should be aware of before installing.
This skill looks benign and purpose-aligned for building a local book/materials knowledge base. Before installing, understand that it can read user-provided files or URLs, write and edit files under a workspace knowledge-base directory, and run local helper scripts. Review extraction summaries before finalizing and avoid ingesting private or untrusted documents unless you are comfortable having their extracted content persist locally.
Publisher note
Knowledge Advisor combines all five of these capabilities:
1. Structured extraction — Named frameworks, principles, and mental models as discrete, referenceable knowledge units (not flat text retrieval)
2. Strict source grounding — Every piece of advice cites book, chapter, and framework. Refuses to advise outside the KB. No training-data leakage.
3. Local-first, file-based — Markdown + JSON, human-readable, git-trackable, zero cloud dependency, fully portable
4. Accumulative cross-referencing — Connects frameworks across books with semantic relationship types (complementary, overlapping, contrasting)
5. Advisor persona — Not a search tool or summarizer. Applies ingested knowledge to the user's specific situation with step-by-step guidance.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may modify files in the workspace knowledge base and fetch user-supplied URLs while performing requested tasks.
The skill can read files, fetch web pages, run Bash, and write/edit local files. These are powerful tools, but they align with the stated knowledge-base ingestion and maintenance workflows.
allowed-tools: 'Read Bash Glob Grep Write Edit WebFetch'
Use the skill in the intended workspace, review ingestion summaries before saying “finalize,” and avoid giving it files or URLs you do not want incorporated into the local knowledge base.
A helper script may run locally to create or maintain the knowledge-base structure.
The skill documents local shell-script execution for setup. This is expected for initializing the skill’s own knowledge-base files, but it is still local command execution.
If it does not exist, run `{baseDir}/scripts/init-kb.sh` to initialize.
If you are cautious, inspect the bundled scripts before first use and run the skill only in a workspace where creating knowledge-base files is acceptable.
Information from books, files, pasted text, or fetched URLs can persist and influence future recommendations.
The skill intentionally creates persistent local knowledge that is reused for later advice. Incorrect, sensitive, or adversarial ingested materials could shape future responses.
A Knowledge Advisor that extracts, organizes, and applies knowledge from books and learning materials... Acts as a persistent consultant grounded STRICTLY in your ingested materials
Ingest only materials you trust, review extracted items carefully before finalizing, and periodically audit or delete outdated knowledge-base entries.
Users have less external information for verifying the publisher or source of the skill.
The registry metadata does not provide an upstream source or homepage, which limits independent provenance review.
Source: unknown
Homepage: none
Prefer skills from publishers you trust, and inspect included helper files before relying on them for important knowledge management.
