Back to skill

Security audit

claw-local-knowledge

Security checks across malware telemetry and agentic risk

Overview

This skill transparently builds a local document knowledge base, but users should understand that converted documents are kept and may be reused later.

Install this only if you want uploaded documents converted into a persistent local knowledge base. Avoid ingesting secrets or sensitive documents unless local retention is acceptable, review any SOUL.md change before enabling proactive retrieval, and keep your own copies of originals you cannot afford to lose.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The README explicitly instructs the agent to convert and persist user-uploaded documents into a local knowledge base, but it provides no warning about long-term storage, sensitive-data handling, consent, retention, or access controls. In a knowledge-ingestion skill, this omission is security-relevant because users may upload confidential files and the agent is encouraged to proactively retrieve and reuse that content later, increasing the chance of unintended disclosure.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README states that uploaded documents are converted and stored in the local knowledge base and that an index is updated, but it does not clearly warn users that document contents will be persistently retained in the workspace. This can lead to unintended retention of sensitive or proprietary data, especially because the skill is specifically designed to ingest user-provided files and make them available for later retrieval.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs the agent to delete original uploaded files after conversion without requiring explicit user confirmation, a retention policy, or a recovery path. In a local knowledge-ingestion workflow, uploaded files may be the only copy or may contain evidentiary/business-critical data, so automatic deletion creates a real risk of unintended data loss.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.