YouMind
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: youmind
Version: 2.0.1
The skill is classified as suspicious due to the presence of high-risk capabilities that could be abused, primarily the ability to read and upload arbitrary local files via `scripts/material_manager.py` and `scripts/api_client.py`'s `upload_file` function. While intended for legitimate file uploads to the Youmind service, a malicious prompt could instruct an AI agent to upload sensitive files (e.g., `/etc/passwd`, `~/.ssh/id_rsa`). Additionally, `scripts/run.py` uses `subprocess.call` to execute other Python scripts, and `scripts/cdp_auth.py` uses `subprocess.run` to interact with the `openclaw` CLI. Although arguments are generally controlled, these patterns represent potential command injection vulnerabilities if an AI agent's input handling is insufficient. There is no evidence of intentional malicious behavior such as data exfiltration to unauthorized third-party domains, persistence mechanisms, or obfuscated payloads designed for self-exploitation.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can act as the logged-in Youmind user, and cached session data could allow account access if the local skill data is exposed.
This shows the skill uses live browser session cookies and persists them locally. That may be necessary for the Youmind API, but it is sensitive account access and the provided metadata lists no primary credential or required credential configuration.
Reads fresh YouMind cookies using `Network.getAllCookies`; Caches them locally in `data/cdp_cache.json` with a **5-hour TTL**; On cache expiry, silently re-fetches from the browser
Install only if you trust the skill with your Youmind session. Prefer a dedicated Youmind account/browser profile, verify cookie handling is limited to youmind.com, and clear the data/ directory when you no longer need the skill.
An agent using this skill can add or change content in the user’s Youmind account and upload selected local files to Youmind.
The skill exposes commands that create account content, upload local files, and trigger generation workflows. These are disclosed and purpose-aligned, but they are still impactful operations.
create --name "My Board" ... upload-file --board-id <board-id> --file /path/to/file.pdf ... generate-image ... generate-slides
Give the agent explicit board IDs, file paths, and prompts, and review requests before allowing uploads or generated content operations.
First use may download and install software into the skill’s local environment.
The skill can install dependencies and a browser binary during first-run environment setup. This appears central to its browser-auth flow, but it is not represented as an install spec in the registry metadata.
subprocess.run([str(pip_exe), "install", "-q", "-r", str(requirements_file)], check=True) ... subprocess.run([str(python_exe), "-m", "patchright", "install", "chrome"], check=True
Run it in an isolated environment, review requirements.txt, and avoid installing if you do not want the skill to manage a local virtual environment and browser dependency.
Sensitive document content may appear in the agent transcript, logs, or downstream summaries if raw extraction is used.
When requested, artifact extraction can place raw document content from Youmind into the command output and agent context.
    if include_raw_content:
        result["raw_content"] = ((page.get("content") or {}).get("raw"))

Use `--include-raw-content` only for documents you are comfortable exposing to the local agent session and its logs.
