Knowtrust Graph Publish

Review

Audited by ClawScan on May 13, 2026.

Overview

Prompt-injection indicators were detected in the submitted artifacts (unicode-control-chars); human review is required before treating this skill as clean.

This skill is reasonable for a local knowledge graph, but install it from a verified source, avoid running unverified curl/bash commands, and only approve storing information you are comfortable keeping in ~/.zhixin/zhixin.db. ClawScan detected prompt-injection indicators (unicode-control-chars), so this skill requires review even though the model response was benign.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the user runs the installer, they are trusting whatever code is served from that GitHub location at install time.

Why it was flagged

The documented installer downloads executable code from an unpinned live GitHub branch into the user's home directory. This is disclosed and user-directed, but the placeholder/unpinned source means the installed code may not match the reviewed package.

Skill content

REPO="你的用户名/zhixin-graph" ... curl -sL "$BASE_URL/kg.py" -o ~/.zhixin/kg.py

Recommendation

Prefer the packaged/reviewed files, or verify the repository, owner, and commit before running the curl/bash installer.

What this means

Confirmed or invoked commands can change the user's local knowledge database.

Why it was flagged

The skill exposes a local CLI that can add facts, entities, relations, imports, and verification updates. This is central to the tool's purpose, but it gives the agent mutation authority over the local knowledge graph.

Skill content

Maps to `python3 ~/.zhixin/kg.py <command>` ... `command`: `python3 ~/.zhixin/kg.py add-fact '<json>'`

Recommendation

Review previews before approving write/import operations, especially when the source content is sensitive or untrusted.

What this means

Private notes, project details, or mistaken facts may remain in the local graph and be reused later.

Why it was flagged

The skill is designed to turn conversation or document content into persistent knowledge-graph entries after user confirmation. This is purpose-aligned, but persistent memory can retain sensitive or incorrect information and influence future searches.

Skill content

Analyze the current conversation/document, extract entities/relations/facts → preview → user confirmation → batch write

Recommendation

Only approve information you want retained, keep sensitive data out unless intended, and use the verification/status features to mark uncertain facts.

What this means

Text chosen for embedding may be processed by a locally running Ollama service.

Why it was flagged

The optional embedding helper sends text to a localhost Ollama API for semantic search. This is disclosed as optional and local, but it is still a data flow to another local service.

Skill content

OLLAMA_URL = "http://127.0.0.1:11434" ... urllib.request.Request(f"{OLLAMA_URL}/api/embeddings"

Recommendation

Use semantic embedding only if you trust the local Ollama service and are comfortable sending the selected knowledge text to it.