Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

persona-knowledge

v0.2.2

Persistent, incremental, searchable persona knowledge base. Ingests data from Obsidian vaults, chat exports, X/Twitter archives, and more into a MemPalace-ba...

by acnlabs@neiljo-gy
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The name/description (persona knowledge base) align with the code and SKILL.md: adapters parse local exports (Obsidian, chat exports, social archives), ingestion scripts write a per‑persona directory under ~/.openpersona/knowledge, store backups in sources/, index into MemPalace, and export training/ data. Nothing in the files requires unrelated credentials or external cloud services.
Instruction Scope
SKILL.md gives the LLM agent authority to read MemPalace content and update wiki pages (Karpathy LLM Wiki pattern). That is expected for a wiki-building agent, but it grants the LLM discretionary writing power over the persona wiki (update/append pages, _changelog, _contradictions). The README also lists allowed-tools: Read Write Bash WebSearch — the presence of Bash and WebSearch means an executing agent could run shell commands or fetch web content if the platform provides those capabilities; this is consistent with the described workflow but is more powerful than a read‑only importer and worth noting for users.
Install Mechanism
There is no install spec (instruction-only skill + shipped Python scripts). The code expects Python 3.11+ and a pip package mempalace >= 3.1.0. Missing dependencies fall to the user/environment to install. No downloads from arbitrary URLs or archive extraction are present in the provided files.
Credentials
The only environment variable referenced is OPENPERSONA_KNOWLEDGE to override the default dataset path; no credentials, API keys, or unrelated secrets are requested. PII scanning is implemented locally and only flags items — there is no code that exfiltrates those findings.
Persistence & Privilege
always:false (normal). The skill writes persistent data under ~/.openpersona/knowledge/{slug}/ (sources/, .mempalace/, wiki/, dataset.json). This is necessary for the stated purpose but means raw personal content and derived artifacts are stored locally and copied into exports (export_training copies raw/). The iMessage adapter reads a local SQLite DB (may require macOS Full Disk Access); the skill will create files and directories in the user's home directory.
Assessment
This skill appears to do what it claims: ingest local archives and build a local persona knowledge base. Before installing/using it, consider:
1) You will be giving the skill access to local files (chat exports, Obsidian vaults, social archive directories) and it will store backups and indexes under ~/.openpersona/knowledge — do not ingest sensitive data you don't want preserved in plain files.
2) The iMessage adapter reads the Messages SQLite DB (macOS Full Disk Access may be needed) — grant permissions only if you trust the code.
3) It depends on the third‑party mempalace library (pip install mempalace); review that library if you need assurance about where vector indices are stored or whether it contacts external services.
4) The agent is allowed to write wiki pages and (per SKILL.md) may use Bash and WebSearch if the platform exposes those tools — only enable autonomous invocation if you trust the agent's behavior and limit sources you provide.
5) Use --dry-run first to verify parsed messages and PII flags, and inspect ~/.openpersona/knowledge before running exports.
If you want stronger protections, run the ingestion in an isolated environment, avoid ingesting highly sensitive files, and/or encrypt the knowledge directory.

Like a lobster shell, security has layers — review code before you run it.
