Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
kb-framework
v1.1.0
Creates a hybrid knowledge base with automatic Markdown, PDF and OCR indexing, SQLite and ChromaDB integration, plus daily data quality check...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (hybrid KB, Markdown/PDF/OCR, SQLite + ChromaDB, Obsidian integration) matches the included code: indexer, Chroma integration, hybrid search, and obsidian modules are present. However the registry metadata claims 'instruction-only / no install spec' while the bundle contains 56 Python files and shell scripts — so it is not purely instruction-only. Also SKILL.md and multiple docs reference environment variables (KB_DB_PATH, KB_BASE_PATH etc.) even though the skill declares no required env vars in metadata.
Instruction Scope
Runtime instructions ask you to copy the skill into the agent/workspace, pip install -r requirements.txt, and run the indexer --init (which will execute code). The SKILL.md suggests editing kb/config.py but changelog says kb/config.py was removed (incoherence). The codebase includes an Obsidian writer with create/update/delete/move operations — so the runtime behavior includes writing and deleting user files if used. The docs claim 'offline-only' and 'no network operations' but there is an 'update.py' / auto-updater referenced in docs and README examples include a git clone; you should inspect update.py and other scripts before running.
Install Mechanism
There is no formal install spec in the registry, but SKILL.md instructs pip install -r requirements.txt (requirements file exists in the bundle). pip will pull packages from PyPI (normal for Python projects) — moderate risk. No external arbitrary downloads or obscure URLs are present in the provided instructions, but the bundle includes shell scripts (kb.sh, scripts/install.sh) that will be placed/run on your system when you follow the instructions.
Credentials
Registry metadata lists no required env vars, but the code and documentation rely on many environment variables (KB_DB_PATH, KB_CHROMA_PATH, KB_LIBRARY_PATH, KB_BASE_PATH, KB_HOME). SECURITY_FUNCTIONS.txt and other docs list KB_HOME and other env vars. The skill also asks (implicitly) for filesystem access to user content (library and Obsidian vault) and will perform write/delete operations — this is proportional to a vault-syncing KB but is a sensitive capability and should be explicitly acknowledged by the user prior to install.
Persistence & Privilege
The skill is not marked always:true, and model invocation is allowed (normal). However, the code includes a writer capable of creating/updating/deleting/moving user .md files in an Obsidian vault and a ghost/delete-orphans command that can remove DB entries, and an update.py/autoupdater is referenced in docs. Those features give the skill the ability to modify user data and potentially auto-update its code. Combined with the earlier metadata/instruction inconsistencies, this means you should treat installation as privileged and review how the writer's path validation and the updater work before allowing it to run.
What to consider before installing
What to check before installing:
- Treat this as a code-bearing package (not just an instruction-only skill). Review the bundle's Python files (especially kb/obsidian/writer.py, update.py, kb/indexer.py and scripts/*.sh). Search for any network calls (requests, urllib, socket, subprocess calling curl/wget/git), telemetry, or hard-coded endpoints.
- Inspect requirements.txt to see which PyPI packages will be installed; consider installing inside a virtualenv or container.
- Backup any Obsidian vault or library directory you plan to point the skill at. Test writer operations in a disposable copy first because the writer can create/modify/delete notes.
- Verify path validation: confirm the writer strictly restricts operations to the configured vault directory and that delete operations move files to a trash/backup rather than immediate rm.
- Review update.py/autoupdater and any code that pulls updates or executes remote code before enabling automatic updates.
- If you want minimal risk, run the skill in a sandboxed environment (container, VM) and restrict its KB_LIBRARY_PATH to a directory containing only data you are willing to expose/modify.
Given the mismatches (metadata vs. included files, SKILL.md vs. changelog, environment variables not declared) and the presence of file-modifying + updater code, proceed only after manual code review or in an isolated/test environment.
Like a lobster shell, security has layers — review code before you run it.
latest: vk971gbkvnmbccqhcf4gc4xfx3984wg96
stable: vk971gbkvnmbccqhcf4gc4xfx3984wg96
