Mac Mini Knowledge Base + RAG Setup
Warn
Audited by ClawScan on May 12, 2026.
Overview
The skill is mostly aligned with building a local knowledge base, but it broadly enables command execution and contains an unsafe catalog script that could run code from crafted document filenames.
Review carefully before installing. If you use it, first fix the filename code-execution issue, avoid globally enabling exec/process, confirm the Feishu recipient, and only place documents in the knowledge folder that you are comfortable having summarized and retained.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A maliciously named document placed in the knowledge folder could run commands as the local user during catalog generation, including from a scheduled job.
The file path comes from files found in the knowledge directory and is inserted directly into JavaScript source passed to node -e. A crafted filename containing quotes or JavaScript syntax could execute code when the catalog job runs.
['-e', `... const buf = fs.readFileSync('${filepath}', { end: 50 * 1024 }); ...`]
Do not run the scheduled catalog job until patched. Pass file paths as argv or encode them safely, avoid node -e string interpolation, and validate or escape filenames.

Agents or sessions using this configuration may gain broad local command/process capability, increasing the impact of prompt mistakes, malicious files, or compromised tasks.
The setup script modifies the global OpenClaw configuration to allow exec and process tools, rather than limiting execution to a specific vetted script or job.
data['tools'] = {**existing_tools, 'alsoAllow': ['exec', 'process']}
Avoid globally enabling exec/process. Use a narrowly scoped runner, require explicit user approval for shell execution, and document how to restore the previous OpenClaw config.

The skill may fail or execute dependency code outside the reviewed package, and the user has little assurance about which parser code is actually being used.
The script loads pdf-parse from a hard-coded path inside another skill's node_modules, which is not declared in the metadata or installed by this package.
const PDF_PARSE = '/Users/home/.openclaw/workspace/skills/local-file-rag-basic/script/node_modules/pdf-parse';
Declare and install pinned dependencies within this skill, avoid hard-coded absolute paths, and remove reliance on another skill's private node_modules.

Private documents placed in the knowledge folder may be copied into summaries and retained for later use by agents or scheduled tasks.
The analysis script recursively reads many document types under the knowledge directory and writes extracted content into persistent summary files.
patterns = ["**/*.pdf", "**/*.docx", "**/*.xlsx", "**/*.pptx", "**/*.md", "**/*.csv", "**/*.txt"] ... f.write(content)
Only place intended documents in the knowledge folder, add exclusions for sensitive files, and define retention or cleanup for summaries and caches.

Summaries of local documents may leave the machine and be delivered to Feishu; a wrong recipient or overly broad summaries could expose sensitive information.
The documented cron workflow sends generated document summaries through a Feishu channel to a provided user ID.
--message "读取 summaries/ 目录发送摘要到飞书" --announce --channel feishu --to "user:<飞书用户ID>"
Verify the Feishu recipient, review what summaries contain before enabling the send job, and disable the Feishu cron if documents are sensitive.

The jobs can continue running daily after setup until the user removes them, processing newly added documents automatically.
The skill intentionally registers recurring autonomous jobs for analysis and summary delivery.
openclaw cron add --name "22:00分析新文档" ... openclaw cron add --name "08:00发送文档摘要"
Track the created cron job IDs, periodically review them with OpenClaw cron commands, and remove them when no longer needed.
