Mac Mini Knowledge Base + RAG Setup
Pass. Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: macmini-knowledge-base
Version: 1.1.0
The skill bundle sets up a local RAG system but introduces significant security risks by explicitly instructing the agent to enable high-privilege tools ('exec' and 'process') in the OpenClaw configuration (setup.sh). The scripts generate_catalog.js and run_analysis.py contain potential code injection vulnerabilities because they embed unsanitized file paths directly into strings that are subsequently executed via 'node -e' or written to temporary Python files for execution. Additionally, the use of hardcoded absolute paths (e.g., /Users/home/) and cross-skill dependencies suggests poor security hygiene or a highly specific target environment.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A maliciously named document placed in the knowledge folder could run commands as the local user during catalog generation, including from a scheduled job.
The file path comes from files found in the knowledge directory and is inserted directly into JavaScript source passed to node -e. A crafted filename containing quotes or JavaScript syntax could execute code when the catalog job runs.
['-e', `... const buf = fs.readFileSync('${filepath}', { end: 50 * 1024 }); ...`]
Do not run the scheduled catalog job until patched. Pass file paths as argv or encode them safely, avoid node -e string interpolation, and validate or escape filenames.
Agents or sessions using this configuration may gain broad local command/process capability, increasing the impact of prompt mistakes, malicious files, or compromised tasks.
The setup script modifies the global OpenClaw configuration to allow exec and process tools, rather than limiting execution to a specific vetted script or job.
data['tools'] = {**existing_tools, 'alsoAllow': ['exec', 'process']}
Avoid globally enabling exec/process. Use a narrowly scoped runner, require explicit user approval for shell execution, and document how to restore the previous OpenClaw config.
The skill may fail or execute dependency code outside the reviewed package, and the user has little assurance about which parser code is actually being used.
The script loads pdf-parse from a hard-coded path inside another skill's node_modules, which is not declared in the metadata or installed by this package.
const PDF_PARSE = '/Users/home/.openclaw/workspace/skills/local-file-rag-basic/script/node_modules/pdf-parse';
Declare and install pinned dependencies within this skill, avoid hard-coded absolute paths, and remove reliance on another skill's private node_modules.
Private documents placed in the knowledge folder may be copied into summaries and retained for later use by agents or scheduled tasks.
The analysis script recursively reads many document types under the knowledge directory and writes extracted content into persistent summary files.
patterns = ["**/*.pdf", "**/*.docx", "**/*.xlsx", "**/*.pptx", "**/*.md", "**/*.csv", "**/*.txt"] ... f.write(content)
Only place intended documents in the knowledge folder, add exclusions for sensitive files, and define retention or cleanup for summaries and caches.
Summaries of local documents may leave the machine and be delivered to Feishu; a wrong recipient or overly broad summaries could expose sensitive information.
The documented cron workflow sends generated document summaries through a Feishu channel to a provided user ID.
--message "读取 summaries/ 目录发送摘要到飞书" --announce --channel feishu --to "user:<飞书用户ID>"
Verify the Feishu recipient, review what summaries contain before enabling the send job, and disable the Feishu cron if documents are sensitive.
The jobs can continue running daily after setup until the user removes them, processing newly added documents automatically.
The skill intentionally registers recurring autonomous jobs for analysis and summary delivery.
openclaw cron add --name "22:00分析新文档" ... openclaw cron add --name "08:00发送文档摘要"
Track the created cron job IDs, periodically review them with OpenClaw cron commands, and remove them when no longer needed.
