Knowledge Base Collector

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: knowledge-base-collector
Version: 0.1.3

The skill bundle is classified as suspicious due to potential shell injection vulnerabilities and the use of powerful execution capabilities. The `SKILL.md` instructs the AI agent to execute `python3` scripts with user-provided arguments (URL, tags, notes, image paths). If the agent fails to properly sanitize or escape these arguments before constructing the shell command, it could lead to remote code execution (RCE). Additionally, the `SKILL.md` mentions using `nodes.run` to execute commands on connected macOS nodes, which is a powerful capability that could be abused for unauthorized remote execution if the agent is prompted to run arbitrary commands. While the scripts themselves appear to perform their stated function, the method of execution described in `SKILL.md` introduces significant risks.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Private or sensitive URLs may be visible to the external extraction service used to fetch page content.

Why it was flagged

URL ingestion sends the user-provided URL to the external r.jina.ai extraction service, which is disclosed and purpose-aligned but crosses a data boundary.

Skill content

`rurl = "https://r.jina.ai/" + url`

Recommendation

Avoid ingesting confidential links through this path unless you are comfortable sharing the URL with the extraction provider.

What this means

Sensitive or misleading content saved into the KB may remain available to later searches, summaries, or Telegram Q&A workflows.

Why it was flagged

The skill intentionally persists collected web, screenshot, and note content for later search and Q&A use.

Skill content

Store: writes to a shared KB folder with per-item `content.md` + `meta.json` and a global `index.jsonl`

Recommendation

Redact secrets before saving, periodically review the KB, and treat retrieved web/screenshot text as untrusted source material.

What this means

If used, the agent may execute a fetch operation on a connected Mac rather than only on the server environment.

Why it was flagged

The optional WeChat fallback can run fetching code on a connected macOS node; this is disclosed and aligned with the WeChat collection purpose, but it is a broader tool path than the local scripts.

Skill content

You can use `nodes.run` to run the fetch on the node (requests+bs4), then write the result to the KB.

Recommendation

Confirm the target node and exact action before allowing nodes.run, and prefer the placeholder/manual path for sensitive WeChat content.