Security audit

Mac Mini Knowledge Base + RAG Setup

Security checks across malware telemetry and agentic risk

Overview

This skill sets up a local Mac knowledge-base workflow with disclosed document parsing, dependency installation, scheduled analysis, and optional Feishu notifications.

Install only if you are comfortable allowing this skill to parse files placed in ~/.openclaw/workspace/knowledge, install local dependencies, enable OpenClaw exec/process tools, and create scheduled jobs. Avoid placing confidential files in the knowledge directory unless you are comfortable with plaintext summaries and possible Feishu delivery, or skip/remove the Feishu cron setup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

os.system() or os exec-family call

High
Category
Dangerous Code Execution
Content
import os

def _kill_proc_tree(pid):
    # Flagged call: a shell command is built from pid and run via os.system()
    try:
        os.system(f"pkill -P {pid} 2>/dev/null")
    except:
        pass
    # excerpt truncated here in the report
Confidence
97% confidence
Finding
os.system(f"pkill -P {pid} 2>/dev/null")

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill instructs users to copy scripts, modify local configuration, and run shell commands and cron jobs, but it does not declare corresponding permissions. This creates a transparency and consent problem: the skill materially exercises file read/write and shell capabilities without an explicit permission model, increasing the chance users enable risky behavior without understanding the scope.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The setup enables exec/process tools and creates automated tasks that analyze local documents and send summaries to Feishu, but it does not prominently disclose that potentially sensitive document-derived content will leave the machine. In a knowledge-base skill handling arbitrary local files, this creates a real privacy and data exfiltration risk, especially because the transfer is scheduled and persistent.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The migration step copies the entire knowledge directory to another machine with scp, but the guide does not warn that this may include sensitive source documents, generated summaries, caches, and analysis artifacts. Users may unintentionally transfer confidential material wholesale because the instruction is broad and framed as routine migration guidance.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script extracts text from user documents under the knowledge directory and writes that content into plaintext summary files in `.analysis/summaries` without any consent check, minimization, or access-control handling. In a local knowledge-base workflow this behavior is functionally expected, but it still creates an additional at-rest copy of potentially sensitive document contents that could be exposed through weak filesystem permissions, backups, sync tools, or later indexing.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script immediately creates persistent directories and a file under the user's home directory without any explicit confirmation, dry-run mode, or clear warning that filesystem state will be changed. In an installation script this is common, but it is still a real safety issue because users may run it expecting inspection or setup guidance rather than irreversible local changes.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script installs Homebrew packages, Python packages from PyPI, and pulls an Ollama model over the network without a clear pre-execution warning or consent step. This expands the system's trusted software base and can have supply-chain, bandwidth, and reproducibility implications, especially on a fresh machine where the user may not expect external downloads.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script backs up OpenClaw configuration and registers a persistent scheduled task that will run later and send results to a Feishu user, but it does so without an explicit warning/confirmation step right before modifying application state. Scheduled execution and messaging integrations are more sensitive than one-time setup because they create ongoing behavior the user may overlook.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.