ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Knowledge Base

v1.1.0

Personal knowledge wiki compiler. Ingests raw data (URLs, papers, articles, files), compiles into structured .md wiki with concept pages, summaries, and back...

0· 24·0 current·0 all-time
by@lifei68801
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description align with the included scripts and SKILL.md: scripts create raw stubs, mark compiled state, lint, and rebuild an index under ~/.openclaw/workspace/knowledge (or KNOWLEDGE_BASE_DIR). The requested filesystem read/write permissions and lack of credentials are proportionate to a local knowledge wiki. However, the ingest workflow explicitly refers to fetching external content (web_fetch) while the skill metadata states 'network: none' — this is an inconsistency that should be resolved (either the agent must have network capability or the skill should not claim to fetch content).
!
Instruction Scope
SKILL.md instructs the agent to auto-detect links and perform silent 'static ingest → compile → reply' for many domains and also describes an LLM 'deep-lint' that reads and analyzes wiki pages. That gives the agent broad discretion to read all files under the KB_DIR and to autonomously create summaries, concepts, analyses, and log entries. The auto-ingest rules (silent ingest for many domains) mean content could be stored without explicit confirmation each time — this is scope creep relative to a minimal 'on user command' importer and raises privacy/consent concerns.
Install Mechanism
No install spec; the skill is instruction-heavy and ships small shell scripts that only operate on local paths. No downloads or external installers are present, so nothing arbitrary is written to disk during an install step beyond the existing skill files.
Credentials
The skill does not request environment variables, credentials, or access to unrelated config paths. It does honor an optional KNOWLEDGE_BASE_DIR override (reasonable). There are no secrets requested or required by the scripts or SKILL.md.
Persistence & Privilege
The skill is not forced-always and doesn't request elevated system privileges, but it is intended to run autonomously (platform default) and has file:read/file:write permissions in the user's home by default. Combined with the auto-ingest behavior, this can result in persistent data being written without explicit per-item consent. No code modifies other skills or system settings.
What to consider before installing
This skill appears to be a local knowledge-wiki manager and its scripts only manipulate files under a configurable KB_DIR, which is coherent with the description. Things to consider before installing: - Resolve the network mismatch: the SKILL.md expects the agent to 'web_fetch' URLs, but the skill metadata says 'network: none'. If you do not want external fetching, require explicit user confirmation or disable network for the agent. If network fetching is needed, be aware the agent will access external sites. - Auto-ingest policy: the skill's auto-detect rules can silently ingest and compile content for many domains. If you prefer explicit control, disable automatic ingest or change the behavior to always ask before saving. - Data locality & privacy: by default files are written under $HOME/.openclaw/workspace/knowledge. Consider setting KNOWLEDGE_BASE_DIR to a sandboxed folder, review log.md regularly, and limit agent autonomy if you store sensitive content. - Audit first run: run scripts in a test directory to observe behavior (ingest.sh creates stubs, compile.sh flips status to compiled, lint/update-index rebuilds files). The scripts do not perform network calls or exfiltration themselves. If you want this skill but with safer defaults, ask the author (or modify SKILL.md) to disable silent auto-ingest, clarify whether network fetch is required, and make ingestion explicitly user-confirmed.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a7hf82gkg2sbvkm6mdyrdh9848tgs

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments