Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

feynman-fsrs-pro

v1.0.1

A Feynman learning tutor built on the FSRS algorithm. It links a PostgreSQL memory store with Obsidian notes to guide the user through deep review, strictly following a five-step flow: note sync → due check → targeted questioning → dynamic follow-up → settlement and storage.

0· 39·0 current·0 all-time
by Ki June (@sheldon-mmmp)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill claims to integrate Obsidian notes with a PostgreSQL-backed FSRS memory table — the included JS files implement that. This integration legitimately requires access to a Postgres DB and the Obsidian CLI. However, the package/registry metadata declares no required environment variables or credentials while the code contains hard-coded DB credentials and a fixed vault name, which is inconsistent and surprising.
Instruction Scope
SKILL.md requires scanning the user's Obsidian vault and reading note contents, and the code does exactly that via an obsidian CLI wrapper. The instructions also mandate writing review results to the local DB. These actions are coherent with the stated purpose, but the skill's instructions and code rely on a local obsidian binary and a local Postgres instance with specific credentials — these runtime dependencies are not declared in the registry metadata. The SKILL.md enforces strict flow (sync → due check → question → follow-up → update), which is fine, but the instructions allow the skill to read many user notes and write to a DB without surfacing any privacy or credential handling safeguards.
Install Mechanism
There is no install spec (instruction-only), which means nothing will be automatically downloaded by the platform on install. The repo includes Node.js scripts and package.json (pg dependency), but no automated installer. The absence of an install step reduces remote-code-install risk, but users who run the included code will need to install Node and the 'pg' dependency themselves.
Credentials
The registry lists no required env vars or credentials, yet the code contains plaintext DB connection credentials (user=openclaw_feiman, password=12345678, host=127.0.0.1, db=openclaw_feiman) and a hard-coded Obsidian vault name. Requiring direct DB access is expected for the feature, but embedding credentials in code and not declaring required secrets is disproportionate and a security smell. There are no external network endpoints in the code, but child_process.execSync is used to run the 'obsidian' CLI which can interact with the local filesystem and, depending on the CLI, with other services.
Persistence & Privilege
The skill is not always-included and does not request elevated agent privileges. It performs persistent writes only to its own PostgreSQL table (feynman_memory) as part of normal operation. It does not modify other skills, agent configs, or system-wide settings.
What to consider before installing
Summary of what to consider before installing or running this skill:
- The skill does what it says (reads Obsidian notes and stores review state in PostgreSQL), but it contains hard-coded DB credentials (user=openclaw_feiman, password=12345678, host=127.0.0.1). This is inconsistent with the registry metadata (which declares no required credentials) and is a security red flag. Do not run this code against any production or sensitive Postgres instance.
- The SKILL.md expects the 'obsidian' CLI to be installed and a vault named 'new-note'. Confirm you have the CLI from a trusted source and that you understand which vault will be scanned; the skill will read many .md files.
- The code uses child_process.execSync to call the obsidian CLI. This is reasonable for calling an external binary, but any code that constructs shell commands with interpolated values can have command-injection risks. Prefer a version that escapes arguments or uses a safer exec API.
- Recommendations before running/installing:
  1) Inspect and (preferably) remove the hard-coded credentials. Configure the DB connection via environment variables or a config file and document the required env vars in the skill metadata.
  2) Create a dedicated local Postgres database and a least-privilege DB user for this skill; use a strong password and bind it to localhost only. Do not reuse existing critical DB credentials.
  3) Consider running the skill in an isolated environment (local VM, container) with limited network access while testing.
  4) Review and, if possible, harden obsidian CLI usage: ensure argument escaping and validate file paths returned from the CLI before passing them to shell commands.
  5) If you need privacy, audit which notes will be read and remove any sensitive files from the vault before use.
If you want help making this safer, I can suggest concrete code changes (move credentials to env vars, use execFile/child_process.spawn with argument arrays, validate inputs, or a checklist to create a safe test DB and vault).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
scripts/database.js:25: Shell command execution detected (child_process).


latest: vk97cy8bs2tj1hhvpfrcdk21kg58477p9
