Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Duru Obsidian KB
v0.1.0Build and maintain a personal Obsidian-based knowledge base from articles, papers, repositories, datasets, spreadsheets, and local files. Use when the user w...
⭐ 0· 13·0 current·0 all-time
byDuru@durugy
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name and description match the code and instructions: scripts perform ingest, build, search, ask, chart, lint, and healthcheck for a local markdown/Obsidian KB. The artifacts and config paths (manifest.json, wiki/, raw/, outputs/) are appropriate for this purpose.
Instruction Scope
Runtime instructions and scripts perform expected actions (HTTP fetches, PDF download/extraction, git repo cloning/summarization, reading/writing files under the configured KB roots). They also reference a local prompt-shield script and vendor skill processors under the workspace. This is coherent for an ingestion pipeline, but you should be aware the skill will fetch arbitrary URLs and write files to configured KB roots and workspace paths.
Install Mechanism
No install spec in the registry; the repo provides Python scripts and a pyproject with common data-processing deps (pandas, matplotlib, openpyxl, pypdf, pdfplumber). README suggests using 'uv' to create a venv. There are no remote archives or obscure download URLs in the install step, so install risk is routine for a Python project.
Credentials
The skill does not declare required environment variables or credentials. It does read OPENCLAW_WORKSPACE (or falls back to $HOME/.openclaw/workspace) and expects repository roots configured in knowledge-bases/config/repos.json. It may invoke other local skill processors under WORKSPACE/skills if present (prompt-shield-lite, vendor-anthropic/*), which is reasonable for modular local tooling but worth noting since those are additional code dependencies.
Persistence & Privilege
The skill is not force-included (always:false) and uses normal agent-invocation patterns. It writes files under user-configured KB roots and may create a venv, which is expected behavior for a local KB tool. It does not attempt to modify other skills' configurations or request global agent privileges.
Scan Findings in Context
[ignore-previous-instructions] expected: The pre-scan flagged prompt-injection text patterns; the repository intentionally implements prompt-injection scanning (prompt-shield-lite) and also scans ingested text for prompt-like segments. The presence of these patterns is expected and used as a defensive measure in this skill.
Assessment
This skill appears to be what it says: a local Obsidian-friendly knowledge-base tool. Before installing or running it: 1) Review and control the configured KB roots in knowledge-bases/config/repos.json to avoid pointing the skill at sensitive or system directories (it will write files there). 2) Be aware scripts will fetch arbitrary URLs, download PDFs, and may clone repositories — run it in an isolated workspace or container if you are cautious. 3) The code expects optional helper scripts under your OPENCLAW_WORKSPACE (prompt-shield-lite and vendor processors); if those are missing the skill degrades but will still attempt local fallbacks. 4) Install Python deps in a virtualenv as instructed (uv or venv) so system Python is not polluted. 5) If you need stronger assurance, inspect the remaining truncated files (ingest/route/search) and confirm there are no hardcoded remote endpoints or hidden upload steps — current visible code writes locally and fetches remote content only when ingesting sources.Like a lobster shell, security has layers — review code before you run it.
latestvk9738j7ejvx8c4y3f7hjcefm3984b71g
License
MIT-0
Free to use, modify, and redistribute. No attribution required.