Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ARC Reactor

v1.0.3

LLM Wiki knowledge compilation engine. Compiles URLs, articles, videos and other source material into a structured knowledge base. Trigger phrases: 搜一下 (search for this), 帮我看 (look at this for me), 这个讲了什么 (what is this about), 读一下 (read this), 看看这个 (take a look at this), 调研 (research), Ingest, 知识编译 (knowledge compilation). Supports video transcription (Aliyun NLS / local Whisper), smart web page scraping, the four-step Wiki Ingest (source/entity/index/log), 知...

MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Benign
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to be an LLM Wiki ingestion/compiler which reasonably needs python3 and yt-dlp; however the code and docs also rely on ffmpeg/ffprobe, requests, mlx_whisper, Aliyun NLS access keys, search provider API keys, and tooling/plugins referenced in env-setup.md. The registry metadata declares no required env vars and only python3/yt-dlp, so the declared surface is incomplete compared to what code and docs expect.
Instruction Scope
SKILL.md and templates instruct the agent to spawn sub-agents, run archive-manager.py via heredoc, read and write the local arc-reactor-doc workspace, create/update .env (OBSIDIAN_VAULT_PATH/AUTO_SYNC), run media downloads/transcription, and (in templates) send artifacts via a messaging tool (Telegram). These instructions allow broad file I/O and network calls, and instruct the agent to perform autonomous outbound verification/searches — all of which go beyond a simple 'summarize a URL' helper and could lead to unintended data exposure if not controlled.
Install Mechanism
There is no authoritative install spec in the registry, but SKILL.md includes an 'install: pip' metadata hint; code imports requests, mlx_whisper and expects ffmpeg/ffprobe binaries while only yt-dlp and python3 are declared. Missing declared native binaries (ffmpeg/ffprobe) and unspecified pip/third-party packages are incoherent and increase risk because dependencies will be installed/used without a vetted manifest.
Credentials
Multiple sensitive environment variables are referenced across docs and code (OBSIDIAN_VAULT_PATH, AUTO_SYNC, ALIYUN_NLS_APPKEY, ALIYUN_ACCESS_KEY_ID, ALIYUN_ACCESS_KEY_SECRET, SEARCH_API_KEY, SEARCH_PROVIDER, etc.) yet the registry lists none as required. The skill's env-setup explicitly asks the agent to guide the user to populate secrets and to write them into .env, which is a privilege that should be disclosed and limited.
Persistence & Privilege
always:false (good). The skill does instruct writing/archiving artifacts into arc-reactor-doc, adding sync markers, and optionally writing .env; it also uses subprocesses and may spawn background workers (code review flagged os.fork usage). This is expected for a local ingestion tool but requires caution: it will create/modify files in the workspace and run network-capable code.
What to consider before installing
This skill appears to implement a full ingestion/archival pipeline (downloading media, transcribing, creating wiki files, optionally syncing to Obsidian and calling cloud ASR). Before installing, do the following: (1) Confirm which environment variables and credentials you must provide (Aliyun keys, search API keys, OBSIDIAN_VAULT_PATH) and only supply what you trust; (2) Run the code in an isolated environment/container because it performs filesystem writes and spawns processes; (3) Ensure required native binaries are installed (ffmpeg/ffprobe, yt-dlp) and review any pip dependencies the skill will install; (4) If you do not want automatic external sync or network uploads, set AUTO_SYNC=false and remove/disable messaging hooks (templates reference sending to Telegram); (5) Manually inspect archive-manager.py, media-extractor.py and spawn templates for any calls that send data off-box; (6) If unsure, test with non-sensitive sample data first and ask the author to provide an explicit manifest of required env vars, binaries, and a lockfile for Python dependencies.

License

MIT-0
Free to use, modify, and redistribute. No attribution required.

Runtime requirements

Bins: python3, yt-dlp