ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

claw-local-knowledge

v1.0.0

本地知识库技能,用于添加和检索知识。当用户需要将文档(docx/pdf/xlsx/pptx)添加到知识库时使用本技能,或在需要从知识库中检索相关知识时使用。

1· 120·0 current·0 all-time
byZexun Lin@overdue-lin

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for overdue-lin/claw-local-knowledge.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "claw-local-knowledge" (overdue-lin/claw-local-knowledge) from ClawHub.
Skill page: https://clawhub.ai/overdue-lin/claw-local-knowledge
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install claw-local-knowledge

ClawHub CLI

Package manager switcher

npx clawhub@latest install claw-local-knowledge
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the declared behavior: converting uploaded docx/pdf/xlsx/pptx to markdown, storing them under .openclaw/workspace/memory/knowledge_base and maintaining an index. Requested resources (none) and file paths are consistent with a local knowledge-base skill.
Instruction Scope
Instructions are mostly within scope (scan temp_file, convert to markdown, clean text, update index, delete originals). However the README/SKILL.md recommend injecting text into SOUL.md to enable proactive loading — that directs the agent to modify workspace-level configuration controlling agent behavior and goes beyond pure ingestion/retrieval.
Install Mechanism
No install spec and no code files present. Instruction-only skills are lower-risk from an install perspective because nothing is downloaded or executed by an installer.
Credentials
No environment variables, credentials, or external endpoints are requested. All file accesses are local and proportional to the stated purpose.
!
Persistence & Privilege
The skill suggests injecting directives into SOUL.md to make the agent proactively load the skill when uncertain. Writing such persistent instructions into a workspace/agent config increases the skill's persistence and ability to influence agent behavior; this is a meaningful privilege and should be explicitly authorized by the user.
Scan Findings in Context
[no_code_files_to_scan] expected: The regex-based scanner had no code files to analyze because this is instruction-only (SKILL.md plus docs). Absence of findings does not guarantee safety; review the prose instructions (which we did).
What to consider before installing
This skill appears to do what it says (convert and index local documents and read them back), and it does not request credentials or external network access. However it recommends injecting lines into SOUL.md so the agent will proactively load the skill — that modifies workspace/agent behavior and increases persistence. Before installing: 1) Confirm you want the agent to automatically consult this local knowledge store and allow the skill to write to SOUL.md or workspace files; 2) Review and approve any exact text the skill will append to SOUL.md; 3) Ensure uploaded files in .openclaw/workspace/temp_file/ don't contain secrets you wouldn't want stored in the workspace (the skill will convert and save contents to markdown); and 4) if you prefer less persistence, do not apply the SOUL.md injection and only invoke the skill manually. If you want more assurance, request the author add an explicit, one-time opt-in step for modifying SOUL.md rather than automatic injection.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c7cdy8nd3vyvepwa3dcqdpd844h5a
120downloads
1stars
1versions
Updated 3w ago
v1.0.0
MIT-0
Zexun Lin@overdue-lin
latest
Download

Local Knowledge Skill

本地知识库技能,帮助 AI Agent 管理本地文档知识库。

主要功能

  • 添加知识:将用户上传的 docx、pdf、xlsx、pptx 文档转换为 markdown,存入知识库
  • 检索知识:从知识库中检索与当前任务相关的文档内容

何时使用

  • 用户要求将文档添加到知识库
  • 用户上传了文件并希望整合到知识库
  • Agent 需要查询知识库中的已有知识来辅助回答问题
  • 用户询问与知识库中已有文档相关的内容

References 指引

场景读取文件说明
添加/整合知识references/add_knowledge.md完整的文件转换流程:检查临时文件 → 转换格式 → 清洗乱码 → 更新索引
检索知识references/retrieval_knowledge.md检索流程:读取索引 → 定位文件 → 读取内容 → 整合信息

Comments

Loading comments...