Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
wiki-manager
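v1.0.0
Manages a wiki keyword pool based on a single JSON index, supporting a three-pool cycle (core, buffer, and new-word pools) with automatic promotion, demotion, and eviction mechanisms, keeping the index stable and free of bloat.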
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description align with the provided instructions: a single wiki.json and three-pool lifecycle. However SKILL.md relies on the jq command (and standard shell tools like cat/cp) while the skill metadata declares no required binaries — this is an undeclared dependency that should be declared or removed.
Instruction Scope
Instructions use exec to run shell commands (cat, jq, cp) and explicitly tell the agent to read files referenced in entry.source (e.g., memory/..., skills/...). That is coherent for restoring detailed content, but it permits reading arbitrary paths referenced in wiki.json and thus could access other skills' files or other local data unless those source paths are constrained. No guidance or path whitelisting is provided.
Install Mechanism
This is instruction-only (no install spec) which is low-risk. Note: because the runtime commands require jq, the lack of an install specification or declared dependency means installation/runtime may fail or silently rely on an environment having jq — declare jq or provide an install step.
Credentials
The skill requests no environment variables, no credentials, and no config paths. That is proportional to its stated purpose.
Persistence & Privilege
always is false and autonomous invocation is default. The skill does not request elevated persistence or to modify other skills' configs. It suggests periodic checks but does not force always-on behavior.
What to consider before installing
This skill appears to do what it says (manage wiki.json with three pools), but take three precautions before installing: 1) Ensure the runtime environment has jq (or update the skill metadata to require/install it); otherwise the provided shell commands will fail. 2) Inspect any existing wiki.json entries and agree on which paths are allowed in the source field — the skill's instructions will read files at those paths (e.g., memory/..., skills/...), which could expose unrelated local data if entries point to sensitive locations. 3) If you plan to let the agent run autonomously, consider limiting file-read permissions or adding explicit whitelists for source paths, and add tests to prevent accidental exfiltration of secrets. If the authors can declare jq as a required binary and document/limit which source paths are valid, the remaining concerns would be resolved.
Like a lobster shell, security has layers — review code before you run it.
latest vk975dfb60jhxtgffzp2es5gngn84pk8s
