Gno.Bak 2026 01 28T18:01:20+10:30

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If asked to perform setup or maintenance, the agent could run GNO commands that change indexes, tags, local model state, or integration settings.

Why it was flagged

The skill gives the agent broad authority to run any gno subcommand plus read files. This is aligned with local search/indexing, but the command set includes setup, indexing, serving, MCP, skill, model, and admin operations.

Skill content

allowed-tools: Bash(gno:*) Read

Recommendation

Use the skill for clearly scoped search/index tasks, and manually confirm high-impact commands such as reset, cleanup, mcp install, skill install/uninstall, model clearing, or commands using --yes.

What this means

The safety of actual command execution depends on the GNO CLI already installed on the user's machine, not on code bundled in this skill.

Why it was flagged

The skill itself contains no executable code or installer, but its instructions assume an external gno CLI. The registry also lists the source as unknown, so the CLI provenance is outside the provided skill package.

Skill content

No install spec — this is an instruction-only skill.

Recommendation

Verify the installed gno binary and its source before using the skill, especially before indexing sensitive folders or installing MCP integrations.

What this means

Private or untrusted documents added to an index may be surfaced later in search results or used as context for generated answers.

Why it was flagged

The skill is designed to ingest local documents and create persistent indexes/embeddings for later search and AI answers. This is the core purpose, but it means indexed content can influence future retrieval and answers.

Skill content

gno collection add ~/docs --name docs # Add folder to index
gno index                             # Build index (ingest + embed)

Recommendation

Index only intended folders, exclude secrets or irrelevant private data, and review context/index maintenance commands when documents change.

What this means

An MCP-enabled client may be able to access the GNO index and, if write tools are enabled, perform modifications through the integration.

Why it was flagged

The skill documents installing GNO as an MCP server and optionally enabling write tools. This is disclosed and related to AI assistant integration, but it creates a data/control boundary between GNO and other AI clients.

Skill content

GNO provides an MCP (Model Context Protocol) server for AI client integration.

# With write tools enabled
gno mcp install --enable-write

Recommendation

Install MCP only for trusted clients and scopes, avoid enabling write tools unless needed, and use the documented uninstall/status commands to manage the integration.