ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Knowledge Vault

v1.0.3

You have 200 bookmarks you'll never revisit and a 'Read Later' list that's basically a graveyard. Knowledge Vault changes the game: paste any URL — article,...

0· 70·0 current·0 all-time
by@nollio
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (save, summarize, and search saved content) matches the actions described in SKILL.md and the included files. The skill uses agent tools (web_fetch, pdf, summarize, memory_store) and local storage (data/, config/, scripts/) which are appropriate for a vault-style capability.
Instruction Scope
SKILL.md stays on-topic (fetch content, summarize, store entries). It explicitly instructs the agent to treat fetched content as data, not as executable instructions (prompt-injection defense). One setup convenience asks the user to paste a shell-based 'SETUP-PROMPT' into the agent chat which runs mkdir/install/cat commands to copy files into the workspace — this is functional for local installation but is a sensitive step: review the commands before executing them and only run them in a trusted environment.
Install Mechanism
No network downloads or package installs are specified; this is instruction-only with two local files copied by the setup script. No remote URLs, installers, or extracted archives are present.
Credentials
The skill declares no required environment variables, credentials, or external endpoints. It does enable memory_integration (writing to the agent's long-term memory) in config/vault-config.json — this is reasonable for a vault but is a persistence/privacy consideration the user should be aware of.
Persistence & Privilege
always:false (not forced). The skill writes to local workspace directories (data/, config/, scripts/) and integrates with the agent's memory_store per config. Autonomous invocation is allowed by default (platform default); combined with memory writes this expands blast radius compared to a read-only skill, so confirm platform memory retention settings if you are sensitive about long-term storage.
Scan Findings in Context
[ignore-previous-instructions] expected: The SKILL.md and SECURITY.md intentionally include 'ignore previous instructions' style text as a prompt-injection defense. The static scanner flagged this phrase, but here it appears used defensively (instructing the agent to treat ingested content as data).
Assessment
This skill is broadly coherent with its stated purpose, but take these precautions before installing: - Review the SETUP-PROMPT.md before pasting or executing it. It contains shell commands (mkdir, install, chmod, cat). Only run them in a workspace you trust and have permission to modify. - Confirm your agent platform's memory/long-term-storage policy. The vault config enables syncing entries to the agent's memory_store; if you don't want persistent storage, disable memory_integration or adjust importance/retention settings. - Inspect scripts/vault-stats.sh locally before running. It requests jq and performs file reads; I noticed some malformed/odd code fragments in the script (likely a bug). Don't run scripts you haven't reviewed in an untrusted environment. - The skill will fetch external URLs when you ask it to ingest content (web_fetch/browser). Only ingest URLs you trust, and be comfortable with the agent making outbound fetches on your behalf. - If you plan to deploy the dashboard or API routes, secure them behind auth and don't expose the local data directory publicly. If you want higher assurance, ask the author for a reproducible install/test in a sandbox or request an updated release that fixes the script issues and documents platform/tool expectations.
!
SKILL.md:18
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.

latestvk976defmtj1hemknnn70660g3183zza2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments