Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Knowledgebase Share

v0.3.2

Operate a multi-agent shared knowledge layer backed by one GitHub repository. Use when setting up shared/private knowledge folders, enforcing branch+PR workf...

0 · 375 · 1 current · 1 all-time
by Reed (@reed1898)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
The name/description match the included scripts and SKILL.md: all actions are Git-based repository operations (clone, branch, pull/rebase, push) against a configured repo_url. There are no requested credentials or network endpoints outside the canonical Git remote model, so the requested capabilities align with the stated purpose.
Instruction Scope
SKILL.md and the scripts stick to knowledge-layer git workflows. However, the scripts perform push/pull/rebase operations which will transmit repository contents to/from whatever remote is configured and will use the agent/host's Git credentials (SSH keys or HTTPS tokens). The skill warns not to hardcode secrets, but does not enforce it — accidental inclusion of secrets in notes could be pushed to the remote.
Install Mechanism
There is no install spec or external downloads (instruction-only + bundled scripts), which is low risk. Note: the scripts assume command-line tools (git and optionally jq) but the skill metadata did not declare required binaries; those tools must exist on the host for correct operation.
Credentials
The skill does not request environment variables or credentials directly (good). It implicitly relies on the host's git configuration and credentials (SSH keys or cached HTTPS credentials). This is proportionate to the task but means the operator must ensure the configured repo_url is trusted — misconfiguring it could send data to an attacker-controlled remote.
Persistence & Privilege
The always flag is false; the skill does not request permanent platform-wide privileges and it only writes to the configured local_path. It does not alter other skills or the system agent config. Files and directories are created under the user-specified local_path, which is expected behavior.
Assessment
Before installing/running: (1) Review and set references/kb-config.json so repo_url points to a trusted repository and local_path is correct. (2) Understand that the scripts will run git pull/rebase and git push using your host's git credentials — do not point repo_url to an untrusted remote. (3) Ensure required tools (git, and jq if you want JSON config parsing) are installed; note that '~' in the JSON will not be shell-expanded by the scripts (edit to an absolute path). (4) Use --no-push or mode=status to dry-run and inspect changes before pushing. (5) Avoid storing secrets in repo content; consider using a deploy key or least-privileged token for CI/automation. If you want stronger assurances, ask the skill author to declare required binaries and to add explicit validation of config values and path expansion.


latest: vk977gdjmw9me3a0q7w1q078qvd8241wn

