OEE Knowledge Base RAG

Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: oee-knowledge-base
Version: 1.0.0

The `kb.py` file contains a critical shell injection vulnerability within the `extract_pdf` function. The `subprocess.run` call, which executes a Python script via `python3 -c`, constructs the script using an f-string that directly embeds the `path` variable (derived from user-provided `url_or_path`) without proper sanitization. A malicious URL or local path containing shell metacharacters or Python string delimiters could lead to arbitrary command execution on the host system. Additionally, the skill utilizes `subprocess.run` to execute external tools like `yt-dlp` and `pdftotext`, which, while intended, expands the attack surface.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern (Medium Confidence)
ASI05: Unexpected Code Execution
What this means

A maliciously crafted local PDF filename or path could cause code to run on the user's machine when the agent ingests it.

Why it was flagged

The file path is interpolated directly into Python source code that is executed with `python3 -c`. If a local PDF path contains crafted quotes or Python expression syntax, it can potentially change the generated program and run unintended code.

Skill content

```python
subprocess.run(["python3", "-c", f"""
import sys
try:
    import fitz
    doc = fitz.open("{path}")
...
    r = subprocess.run(["pdftotext", "{path}", "-"], capture_output=True, text=True)
```

Recommendation

Do not generate Python code with embedded paths. Import the PDF library directly in the process, or pass the path through argv/environment variables and treat it only as data.

What this means

The skill may fail or behave differently unless the needed tools and API keys are available, and users may not see these requirements from metadata alone.

Why it was flagged

The documentation and code rely on provider API keys and optional external binaries, but the registry metadata does not declare them. This is setup under-disclosure, not evidence of malicious behavior.

Skill content

metadata: Required env vars: none; Required binaries: none ... SKILL.md: `ANTHROPIC_API_KEY` or `OPENAI_API_KEY` for embeddings ... kb.py: `["yt-dlp", "--write-auto-sub", ...]` and `["pdftotext", "{path}", "-"]`

Recommendation

Declare required or optional environment variables and binaries in metadata, and document which features need each dependency.

What this means

Saved content may be sent to the selected embedding provider and billed or logged according to that provider's terms.

Why it was flagged

The skill requires a provider API key for embeddings. That is expected for this RAG purpose, but it gives the skill access to use the user's embedding-provider account.

Skill content

`ANTHROPIC_API_KEY` or `OPENAI_API_KEY` for embeddings

Recommendation

Use a dedicated, least-privilege API key where possible and avoid ingesting sensitive content unless provider handling is acceptable.

What this means

Anything saved to the knowledge base can remain on disk and be retrieved in later tasks, including sensitive notes if the user ingests them.

Why it was flagged

The skill stores raw saved content, chunks, and embeddings in a persistent SQLite database next to the skill files. This is expected for a knowledge base but creates persistent memory.

Skill content

`DB_PATH = Path(__file__).parent / "kb.db"` ... `raw_content TEXT` ... `content TEXT` ... `embedding BLOB`

Recommendation

Only ingest information you intend to keep, review where `kb.db` is stored, and add clear deletion/export/retention guidance.