Knowledge Base Collector
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private or sensitive URLs may be visible to the external extraction service used to fetch page content.
URL ingestion sends the user-provided URL to the external r.jina.ai extraction service, which is disclosed and purpose-aligned but crosses a data boundary.
rurl = "https://r.jina.ai/" + url
Avoid ingesting confidential links through this path unless you are comfortable sharing the URL with the extraction provider.
Sensitive or misleading content saved into the KB may remain available to later searches, summaries, or Telegram Q&A workflows.
The skill intentionally persists collected web, screenshot, and note content for later search and Q&A use.
Store: writes to a shared KB folder with per-item `content.md` + `meta.json` and a global `index.jsonl`
Redact secrets before saving, periodically review the KB, and treat retrieved web/screenshot text as untrusted source material.
If used, the agent may execute a fetch operation on a connected Mac rather than only on the server environment.
The optional WeChat fallback can run fetching code on a connected macOS node; this is disclosed and aligned with the WeChat collection purpose, but it is a broader tool path than the local scripts.
可用 `nodes.run` 在节点上执行抓取(requests+bs4),然后写入 KB。
Confirm the target node and exact action before allowing nodes.run, and prefer the placeholder/manual path for sensitive WeChat content.