Knowledge Base

The skill bundle implements a local knowledge base with automated file ingestion and vector search. It exhibits high-risk behaviors including automatic dependency installation via `subprocess.run` in `scripts/init.py` and `scripts/vector_index.py`, which can lead to arbitrary code execution during setup. Additionally, `scripts/auto_ingest.py` monitors and processes files from the shared `/tmp/openclaw` directory, which could be exploited for unauthorized data injection. While these actions are aligned with the stated 'zero-config' purpose, the use of high-privilege commands and predictable temporary paths warrants a suspicious classification.